MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ceec91127018aba0be51981277015baf08e3f0ef6fbd0a5efe5821fa698ba645. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 4


SHA256 hash: ceec91127018aba0be51981277015baf08e3f0ef6fbd0a5efe5821fa698ba645
SHA3-384 hash: 7c6bf692c85340f22380d70867146ec6addb50904cb6d40815dd8be54b488f85e4ada68c6b74ee8390aa1b9f3a84d981
SHA1 hash: 0b64b4703bf21a06e02383bfd74b0cb8b266001b
MD5 hash: 0a0fab801b1bca36f7c546fb383151aa
humanhash: seven-uniform-king-london
File name: 18298f35340b3f116f15e41a371912b0.exe
Signature: FormBook
File size: 172'032 bytes
First seen: 2020-04-09 10:25:10 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
ssdeep: 3072:W8kPijPgUm0q9HoB3JFaFDCdPh7muuqio3SBToIMLuzmg1uS715KR:ai0eoIBZqDCdJ7muutoOTzkGK
Threatray: 4'916 similar samples on MalwareBazaar
TLSH: 1DF39E329641C031E1B241B1FA7D0B7B883D0D347695A5E6A3F12AB05FB48A5B56E31F
Reporter: abuse_ch
Tags: exe FormBook GuLoader


abuse_ch
Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=19oD9T4s26PuzxWCC988iuJDY8Y5zPiAI

Intelligence


File Origin
# of uploads: 1
# of downloads: 91
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Formbook
Status: Malicious
First seen: 2020-04-09 10:35:28 UTC
File Type: PE (Exe)
AV detection: 28 of 30 (93.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

FormBook

Executable exe ceec91127018aba0be51981277015baf08e3f0ef6fbd0a5efe5821fa698ba645 (this sample)

Dropped by: MD5 18298f35340b3f116f15e41a371912b0
Dropped by: MD5 7d0d6389950f3efe483220279e68ca2b
Dropped by: GuLoader
Dropped by: SHA256 b10196994416dd6cbd06d201b6a85a5466a8832d7c6127ae87f111c5614ec354
Dropped by: SHA256 c403fb8b63a7f98f7810a0b21525d503c0218ac7b140747a34e3bf358293c376

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID                          Title                                                      Severity
CHECK_AUTHENTICODE          Missing Authenticode                                       high
CHECK_DLL_CHARACTERISTICS   Missing dll Security Characteristics (HIGH_ENTROPY_VA)     high
