MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bb0f482d8569c848f3017f721e44274d190b622e94fa1cf9a1b4a1f84899b0bb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	bb0f482d8569c848f3017f721e44274d190b622e94fa1cf9a1b4a1f84899b0bb
SHA3-384 hash:	af4dd1499aa0c29a0d225eb0d974f2b9c161ebd8ca67cd8086f6395f422b8369853626657f1108a8ddd1474ed634085d
SHA1 hash:	cc268adf5cef92bef7c5d5f2c61bf1352595feb6
MD5 hash:	e9223ad3a2c868509df0f77f79e2cf1f
humanhash:	rugby-south-stream-music
File name:	179f20936843f1aba4cda4de7febab6c.exe
Download:	download sample
File size:	171'520 bytes
First seen:	2020-03-30 21:54:24 UTC
Last seen:	2020-04-05 20:25:09 UTC
File type:	exe
MIME type:	application/x-dosexec
ssdeep	3072:nRs8NPxkFwcmvCeruTj1g6Q2Bd3gPyfQPWHszOSjJqV:3zDv56j1g52/gUQr
Threatray	2'221 similar samples on MalwareBazaar
TLSH	6BF3AF32D641C035E2B242B5BA7D0B7B883D0D34329555F6E3F52AA06FE48A5F52A31F
Reporter	abuse_ch
Tags:	exe GuLoader

abuse_ch

Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=1l6aroAmxP6H4LQ20-FqOIHHXv21wBk-L

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.PWS.Banker1.29984.UNOFFICIAL

Win.Malware.Formbook-7399661-0

Gathering data

Threat name:

Win32.Trojan.Formbook

Status:

Malicious

First seen:

2020-03-30 22:35:29 UTC

File Type:

PE (Exe)

AV detection:

41 of 47 (87.23%)

Threat level:

5/5

Verdict:

malicious

1f577a72bdda8e2504e3ab0094e129efe0c8348489c5c4baf9beae2fa5cecaec

3f86f49f3c2e3583c70385971bdba545c85d8f2d66f8923bf446dde88be3afc0

4c1fe4c0f5d8d1277036802c83df3e083b31318dfc2c194ce93b7169d7ba6e3d

7095eec286427d0c168ef01a9d20e741032194cd9e4fb607c02a55c0a1df29c5

7f6459ace4d6259e61c8170563af8a30f25568457902f4f717c8ad17574efab6

8efac0f1a783fbe5627c1fca4c211583bf045bd5671d89df9418220d66078c11

b801afb5529bee671ee0219b95450122f641260b372695c89d7bdc5c2c227b65

e273d82c782a01c388cc619e6832bfb43301f4308884751b9393262302fc84c0

e69790e910b1817bcfb714f20fda02b6e024babd3dfcea8fa982192928a5df93

+ 2'211 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

19e7c26944e70dce00e61b4e30162d3e79bab520a838f912687ae3939b1cd6eb

exe bb0f482d8569c848f3017f721e44274d190b622e94fa1cf9a1b4a1f84899b0bb

(this sample)

Dropped by

MD5 179f20936843f1aba4cda4de7febab6c

Dropped by

MD5 babcd28e7e4978c839552ce9f048b4b4

Dropped by

GuLoader

Dropped by

SHA256 19e7c26944e70dce00e61b4e30162d3e79bab520a838f912687ae3939b1cd6eb

Dropped by

SHA256 efbd59c273b79218661b3251c7517e9af7b5d39c6ce795e4f82332feeea3bec9

URLhaus

https://urlhaus.abuse.ch/url/332486/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample