MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 de4c63e318ebc447867be364c7a8d9250674a6449935a2eb12fae89543520485. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook
Vendor detections: 4

SHA256 hash: de4c63e318ebc447867be364c7a8d9250674a6449935a2eb12fae89543520485
SHA3-384 hash: a469b9b298c89d92100d77bb84fb85ad747a76a3fef37184e5a941abdab60ebe0c390ab15952670ee096798398a91d67
SHA1 hash: dbcb2d248b567f908e6f106ad2c659f6169348a4
MD5 hash: 2fb972c74446ec655992a8f546fcc588
humanhash: illinois-utah-lake-angel
File name: 630b90ec4907f3ec3ca7783fbb2c6329.exe
Signature: Formbook
File size: 172'032 bytes
First seen: 2020-03-26 19:03:14 UTC
Last seen: 2020-04-09 16:50:48 UTC
File type: Executable exe
MIME type: application/x-dosexec
ssdeep: 3072:bbH0qPYok0kci3E6bltMTAOY+2RebDsPTT/eRHqWfmFu7:UJR3LxCTAOYHRGDoGRPfm
Threatray: 5'103 similar samples on MalwareBazaar
TLSH: E2F3AF32D641C431E1B242B5BA7E077B883E0E34729554E6E3B12AB46FE44A5F52E31F
Reporter: abuse_ch
Tags: exe FormBook GuLoader


abuse_ch
Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=1UeB-Bsecvg7nW2jzISZ05n1v4Qg9sxgG

Intelligence


File Origin
# of uploads: 6
# of downloads: 87
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Formbook
Status: Malicious
First seen: 2020-03-26 19:35:46 UTC
File Type: PE (Exe)
AV detection: 43 of 47 (91.49%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

8a11e5eaa242dde7780f4346918fd497439347c8e4a21baa462be47d63e9f5e8
  Formbook
  Executable exe de4c63e318ebc447867be364c7a8d9250674a6449935a2eb12fae89543520485 (this sample)

Dropped by:
  MD5 630b90ec4907f3ec3ca7783fbb2c6329
  MD5 4ef10ca4e448539c7d53684c42334950
  GuLoader
  SHA256 8a11e5eaa242dde7780f4346918fd497439347c8e4a21baa462be47d63e9f5e8
  SHA256 76edbc47a3ec454564067e443d82b16e53d341b6b7f33dc2b96f5c8c66f77216

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID                        | Title                                                  | Severity
CHECK_AUTHENTICODE        | Missing Authenticode                                   | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high
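As an added example, not part of the MalwareBazaar page and not BLint's own code: the two findings above can be reproduced from the PE headers alone with the standard library. The script below reads the optional header's DllCharacteristics word and the security (certificate table) data directory, then reports in the same ID/title/severity shape. The `build_header` helper, the constructed header-only images it lints by default, and the set of flags treated as required are this example's own choices and do not reproduce BLint's rule set; the page's sample binary is not embedded.

```python
import struct
import sys

# DllCharacteristics bits from the PE/COFF specification (winnt.h names).
# Which of these to require is this example's choice, not BLint's rule set.
DLL_CHARACTERISTICS = {
    "HIGH_ENTROPY_VA": 0x0020,   # 64-bit ASLR with high-entropy addresses
    "DYNAMIC_BASE": 0x0040,      # image may be relocated (ASLR)
    "FORCE_INTEGRITY": 0x0080,   # loader enforces code integrity
    "NX_COMPAT": 0x0100,         # DEP compatible
    "NO_SEH": 0x0400,            # no structured exception handlers in image
    "GUARD_CF": 0x4000,          # Control Flow Guard
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # certificate table, where Authenticode lives
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def parse_pe_header(data: bytes) -> dict:
    """Pull the fields the lint needs out of a PE image's headers."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, _, _, _, _, size_opt, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == PE32_MAGIC:
        dd_off = opt + 96          # data directories follow the PE32 fields
    elif magic == PE32PLUS_MAGIC:
        dd_off = opt + 112         # PE32+ fields are 16 bytes longer
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # DllCharacteristics sits at offset 70 in both optional header layouts.
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    (n_dirs,) = struct.unpack_from("<I", data, dd_off - 4)  # NumberOfRvaAndSizes
    sec_off = sec_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY and opt + size_opt <= len(data):
        # For the security directory the first field is a file offset, not an RVA.
        sec_off, sec_size = struct.unpack_from(
            "<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return {"machine": machine, "magic": magic,
            "dll_characteristics": dll_chars, "security_dir": (sec_off, sec_size)}


def lint(data: bytes) -> list:
    """Return (ID, title, severity) tuples shaped like the BLint findings table."""
    hdr = parse_pe_header(data)
    findings = []
    if hdr["security_dir"][1] == 0:      # no certificate table at all
        findings.append(("CHECK_AUTHENTICODE", "Missing Authenticode", "high"))
    missing = [name for name, bit in DLL_CHARACTERISTICS.items()
               if not hdr["dll_characteristics"] & bit]
    if missing:
        findings.append(("CHECK_DLL_CHARACTERISTICS",
                         "Missing dll Security Characteristics (%s)" % ", ".join(missing),
                         "high"))
    return findings


def build_header(pe32plus: bool, dll_chars: int, cert_size: int) -> bytes:
    """Construct a header-only PE image for testing; it is not a loadable binary."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    dd_off = 112 if pe32plus else 96
    size_opt = dd_off + 16 * 8                       # 16 data directories
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x014C,
                       0, 0, 0, 0, size_opt, 0x0002)  # IMAGE_FILE_EXECUTABLE_IMAGE
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, dd_off - 4, 16)
    cert_off = e_lfanew + 4 + 20 + size_opt if cert_size else 0
    struct.pack_into("<II", opt, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     cert_off, cert_size)
    # Zero filler stands in for the WIN_CERTIFICATE blob; no real signature is made.
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + b"\0" * cert_size


# Constructed inputs (not the MalwareBazaar sample): an unsigned 32-bit image with
# every flag except HIGH_ENTROPY_VA, and a signed 64-bit image with all six set.
UNSIGNED_PE32 = build_header(False, 0x45C0, 0)
SIGNED_PE32PLUS = build_header(True, 0x45E0, 0x200)

if __name__ == "__main__":
    images = {"unsigned-pe32": UNSIGNED_PE32, "signed-pe32plus": SIGNED_PE32PLUS}
    if len(sys.argv) > 1:                 # lint a real file when a path is given
        with open(sys.argv[1], "rb") as fh:
            images = {sys.argv[1]: fh.read()}
    for name, blob in images.items():
        print(name)
        for fid, title, sev in lint(blob) or [("-", "no findings", "-")]:
            print(f"  {fid:<26} {title:<58} {sev}")
```

Run with a file path to lint a real PE; without arguments it lints the two constructed headers, and the unsigned 32-bit one yields exactly the two findings in the table above. Two caveats when reading such output: HIGH_ENTROPY_VA only changes loader behaviour for 64-bit images, so its absence from a 32-bit executable is informational rather than a weakness, and a non-empty certificate table only shows that a signature blob is present; it says nothing about whether that signature verifies or who signed it.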
