MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9fba6ffeb90dd242748718d8272a4942496e76a4f68bdb4dd42f93b044b5ed50. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 4



SHA256 hash: 9fba6ffeb90dd242748718d8272a4942496e76a4f68bdb4dd42f93b044b5ed50
SHA3-384 hash: 53b0b59eaa9d361f2d28e8fea0495197c9705696002bb95f08cf13605f8bd2c6c573996822ad38bcd37be85746b4dbe6
SHA1 hash: 26188aea582ecf86a5ba77eb3c8781791d3af3b4
MD5 hash: 973b8809995a463304e9b71ec525bace
humanhash: mockingbird-double-california-mountain
File name: f3565a6fbcdd048bd1fc997dc9570580.exe
Signature: FormBook
File size: 172'032 bytes
First seen: 2020-04-09 16:51:47 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
ssdeep: 3072:pkfVETbPA6Ao14JDL/TQs2yjlHJ8v90abQ+XqU8vm5:xgrDzcOjlHJ8vKaQiqUH5
Threatray: 5'122 similar samples on MalwareBazaar
TLSH: 86F3AE32D642C035E2B241B5B67D1B7B883D0E34369565FAE3A116E06FB48E5B42E31F
Reporter: abuse_ch
Tags: exe FormBook GuLoader


abuse_ch
Payload dropped by GuLoader from the following URL:
http://castmart.ga/~zadmin/icloud/nkfb_encrypted_7659C90.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 96
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Formbook
Status: Malicious
First seen: 2020-04-09 17:35:26 UTC
File Type: PE (Exe)
AV detection: 41 of 45 (91.11%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

FormBook

Executable exe 9fba6ffeb90dd242748718d8272a4942496e76a4f68bdb4dd42f93b044b5ed50 (this sample)
Dropped by: MD5 36a1c2fffa627be3ccd2a1db1c62aad8
Dropped by: GuLoader
Dropped by: SHA256 e775b002b47fb8f752a026f1152c54e6622b9fc55164c721b96c4ab62c1d8458

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high
