MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ee886ad4641b398a0c45a2e4395d031727c8caf0054962d0ecb868a0112758a0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ee886ad4641b398a0c45a2e4395d031727c8caf0054962d0ecb868a0112758a0
SHA3-384 hash: 9002951bd8adf70c64760dacb4258587a16f90711440f2f92e976d436198558a853d92a157e4af053172f7d671125773
SHA1 hash: 074eb56f3789f23b0668cdd36295c0b5c983262a
MD5 hash: 8b1545a425dc8f75d988efffc290928d
humanhash: berlin-magazine-comet-gee
File name:NEW PO-2403200011.exe
Download: download sample
Signature FormBook
Create hunting rule
File size:122'880 bytes
First seen:2020-03-25 06:16:58 UTC
Last seen:2020-03-25 08:12:14 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ac3da8f3f0dc4ff6163273f0142de49c (1 x FormBook)
ssdeep 768:+F4CcQJpkXI3+K68ntt7sW4KBqGDEkkdNBwpzfdo0TXYZsFtNwio/:+FFcQJphRPnMGDrkfBwVfdfTKsjN30
Threatray 4'860 similar samples on MalwareBazaar
TLSH E7C35B22F504D428D8995E7C8DC9C7F81172AD355E30CA873A427F6E3DF927399A86C8
Reporter jarumlus
Tags:FormBook

Intelligence

File Origin
# of uploads :
2
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Noon-7640407-0
Create hunting rule

Win.Malware.Generic-7640419-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-03-25 02:14:49 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 30 (86.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=52egvvdedm4yudcfulsdsxidc4t4rsxqavewfuhmxbukaejhlcqa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0dcc0b25c073c73ae67b48662ec4c81932ff862afdaac7cba1efa63290d6902f
FormBook
2bde030373678bb2df1223cd3e3c4e7f2992e30739dcc63b688368f02a100067
FormBook
2f771c3a96ef9ec780781a8082aa6aa1f0d885224e6feef33f3cd7bf5e847a48
FormBook
3a0804b5ee36b66aa44341d7f9397cb93291fd788517e632b2b6a00678a5ebe3
FormBook
6e67f9295d091f8c9fc762c738712a3516c295b3e22bc8f41465c8633cda5114
FormBook
7d59dfed8b95da94664078ba62cc2b0eb6d1a346b6d4d480aef47800680c74a5
FormBook
8842ac3497c777517b2f18152eabaa0994a460d249773a5e89a4e16bca2bd741
FormBook
9b7aafdd3549d2f40208d8cbf57b3763d033bfe15a31541a3ca7329e7c2d61d6
FormBook
d994985a0e58672d0274aa6d90e7c420858e61ba9a42f1d8650a793de687714a
FormBook
e5d4600354cad7a882caac33f0e18bc6702a269dab9315ef71835fbbad747626
FormBook
+ 4'850 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments