MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 add555fb2d05ddfd2ac75ba137affa3a0192e47ec676e8ea51e585f2da6e33a2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	add555fb2d05ddfd2ac75ba137affa3a0192e47ec676e8ea51e585f2da6e33a2
SHA3-384 hash:	b4aa77d73867a423234271ddca802b2b6f53d62503e33edf824c2a0a3d1b0988795230e458f85469c14afc76e7d99d6d
SHA1 hash:	28c3e73020a8c3b5af9a9f9e58884c8283252fb4
MD5 hash:	449df91ce76dcf972c2d8fc063100381
humanhash:	thirteen-freddie-robin-undress
File name:	9708913fb019d1c80660ce2139066198.decoded
Download:	download sample
File size:	172'032 bytes
First seen:	2020-03-26 13:46:46 UTC
Last seen:	2020-04-05 22:10:11 UTC
File type:	exe
MIME type:	application/x-dosexec
ssdeep	3072:TsA84M7PHf/j2WwL0SdSBbDC6TNzbsd5C0mh/2y:TXM7TwIKkDC6TNUDvmd5
Threatray	4'736 similar samples on MalwareBazaar
TLSH	B6F3AF32D641C031E27256B4B67D0B7B883E0E34729565E6E3A029F46FB48A5F52E31F
Reporter	abuse_ch
Tags:	exe GuLoader

abuse_ch

Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=18H_MKt7K07uyMylJU38HHDu60FsHeu9v

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.PWS.Banker1.29984.UNOFFICIAL

Win.Malware.Formbook-7399661-0

Gathering data

Threat name:

Win32.Trojan.Formbook

Status:

Malicious

First seen:

2020-03-26 13:48:22 UTC

AV detection:

39 of 45 (86.67%)

Threat level:

5/5

Verdict:

malicious

27faaaca4acb955010d7b8c16764a536c04149f2d332f99668d6ff6f292bfc20

322427854deccec94e7331e8d3faa9f2701289b8e2faac322889c5b04d6b8f5e

3bd58e3b3fe712e8d7595cfbd576a96251c68a5dac230bd3e778640e8eb817ec

52b517b0e9be1efed3349ff5b7e7e4a392881437d7bc9ccd7b94bbc23e28a2f9

5628310c6fe718d77dadbc5c8cb6238faa27942517b590c2a87c07aadca429d6

916237116e09e4233846389b7410a8ccc7e7ef96c0ed97c3fdb19a08499504af

a91c5af7a94238bb1556b641b9f5bc7798133b3d699a9f3d5b88b8f8fc12f091

ceec91127018aba0be51981277015baf08e3f0ef6fbd0a5efe5821fa698ba645

f38d170b1da421aa60e778a64fec953d3058336f7cb06568ba7926495fe87f0c

+ 4'726 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

37502f56dd1ee6b4188cbbd295ade92d64c9872955a659db25cd1338f454376e

exe add555fb2d05ddfd2ac75ba137affa3a0192e47ec676e8ea51e585f2da6e33a2

(this sample)

Dropped by

MD5 9708913fb019d1c80660ce2139066198

Dropped by

MD5 c6a07c320f8a13bc082fc9f19e7930aa

Dropped by

GuLoader

Dropped by

SHA256 37502f56dd1ee6b4188cbbd295ade92d64c9872955a659db25cd1338f454376e

Dropped by

SHA256 631e44ed98e1f833dedd11b97eef3d2dbd0407b33fd2c2c19002f2aa5e4c318d

URLhaus

https://urlhaus.abuse.ch/url/330289/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample