MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2f771c3a96ef9ec780781a8082aa6aa1f0d885224e6feef33f3cd7bf5e847a48. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	2f771c3a96ef9ec780781a8082aa6aa1f0d885224e6feef33f3cd7bf5e847a48
SHA3-384 hash:	db9efc356c2a60bba85f4283077dfa070edefc6bb8ccf918555edc7255ece2556c965412bd79225391b5d2f06c06b23c
SHA1 hash:	f01d4db010c97f1a1e12283ff0c562fa9e850b22
MD5 hash:	b78e789a32c657b3c4481740641de97a
humanhash:	hot-maine-princess-march
File name:	d1b92daca5aadd6705f71250d9727e48.exe
Download:	download sample
File size:	172'032 bytes
First seen:	2020-03-26 15:24:33 UTC
Last seen:	2020-04-09 11:20:07 UTC
File type:	exe
MIME type:	application/x-dosexec
ssdeep	3072:Z4rbiPzX/0MQGai9bIGuziEjYyYHoD4XaIgGm+0/uvNBfna:IuSGx2ziEjgHOPGm+0/uVBfna
Threatray	5'150 similar samples on MalwareBazaar
TLSH	CAF39E32D651C035E2B242F5B67D0BBB893E0E34369595FAA3B116E05FE04E5B42A31F
Reporter	abuse_ch
Tags:	exe GuLoader

abuse_ch

Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=15RNdyM4L4gszaX-sztHzgvc62c1E39h6

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.PWS.Banker1.29984.UNOFFICIAL

Win.Malware.Formbook-7399661-0

Gathering data

Threat name:

Win32.Trojan.Formbook

Status:

Malicious

First seen:

2020-03-26 15:36:12 UTC

AV detection:

42 of 47 (89.36%)

Threat level:

5/5

Verdict:

malicious

27faaaca4acb955010d7b8c16764a536c04149f2d332f99668d6ff6f292bfc20

3a0804b5ee36b66aa44341d7f9397cb93291fd788517e632b2b6a00678a5ebe3

3e98d7f59e495ddfa5140a50f70347bb4a56296ca2dcb6602f65ebb4e4a0373b

7d59dfed8b95da94664078ba62cc2b0eb6d1a346b6d4d480aef47800680c74a5

8842ac3497c777517b2f18152eabaa0994a460d249773a5e89a4e16bca2bd741

a91c5af7a94238bb1556b641b9f5bc7798133b3d699a9f3d5b88b8f8fc12f091

bf58aecacc268c49d707512236a42c80cf096b24850c3096eb056f662ecbe2e3

d994985a0e58672d0274aa6d90e7c420858e61ba9a42f1d8650a793de687714a

ee886ad4641b398a0c45a2e4395d031727c8caf0054962d0ecb868a0112758a0

+ 5'140 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

c7236674912bc4e56cc488531f684548a27883c8d8fa701a71347829a94e6ccd

exe 2f771c3a96ef9ec780781a8082aa6aa1f0d885224e6feef33f3cd7bf5e847a48

(this sample)

Dropped by

MD5 d1b92daca5aadd6705f71250d9727e48

Dropped by

MD5 8d89bfdebf656415e1094c9f8763509f

Dropped by

GuLoader

Dropped by

SHA256 c7236674912bc4e56cc488531f684548a27883c8d8fa701a71347829a94e6ccd

Dropped by

SHA256 a052ea60a82309b219b92db6418093e5ad906599a329c8c968d0e1648b60917b

URLhaus

https://urlhaus.abuse.ch/url/327478/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample