MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 043ba161ac2f0d30c5a15799d3ce26ec63989d278f58867aeff64ce7ecb41f42. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 043ba161ac2f0d30c5a15799d3ce26ec63989d278f58867aeff64ce7ecb41f42
SHA3-384 hash: ecc070cf6301112c166f0881597d5dc3377ea44d823b4f3a8cba4b828e2570f4a98c90170d0a5fe80f6be14b680af095
SHA1 hash: 6df20702e0b6be0a7ac0c41ad0e1021304e51e1d
MD5 hash: f234e092bc257cafdf2c1b8521709c61
humanhash: failed-louisiana-jig-quiet
File name:NEW REQUEST FOR MIDDLE EAST TENDER.exe
Download: download sample
Signature FormBook
Create hunting rule
File size:110'592 bytes
First seen:2020-04-13 21:02:50 UTC
Last seen:2020-04-14 14:05:56 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 946e073b115a603dff2fb51882e91f0f (1 x FormBook)
ssdeep 768:7/msw2gQIiSqxCG6nn+6EzS07Qh/H+KqR1lz5x+hwA2ztAGVIBfeSyVNE:fvgQIiSOq1h/H+KnqAGOGVIBfeS3
Threatray 5'080 similar samples on MalwareBazaar
TLSH 1CB30651B088FD94C82A8BB21DF2C76C9940BD308D05364B7AC93F5F3A761E4B656F86
Reporter James_inthe_box
Tags:exe FormBook

Intelligence

File Origin
# of uploads :
3
# of downloads :
99
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Ponystealer-7648176-0
Create hunting rule

Win.Dropper.NetWire-7667567-0
Create hunting rule

Win.Dropper.Noon-7667582-0
Create hunting rule

Win.Dropper.LokiBot-7667993-0
Create hunting rule

Win.Dropper.Remcos-7683428-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-13 21:02:38 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=aq52cynmf4gtbrnbk6m5htrg5rrzrhjhr5mim6xp6zgop3fud5ba._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
223bbe1af0d09289a1ebeddf78e3218fcae28d0a69c291d66fee5fa29337844a
FormBook
27faaaca4acb955010d7b8c16764a536c04149f2d332f99668d6ff6f292bfc20
FormBook
322427854deccec94e7331e8d3faa9f2701289b8e2faac322889c5b04d6b8f5e
FormBook
41b0a4eba05ad382e109d412680e4a5a636cbc7dc6928c5de923d689f070ece4
FormBook
71079b6770db403249ebaef088f4e3929d357ac797a470f64fd240e50a995a4c
FormBook
863edcae741d610910ba35da0f1316c16d24af983702e55ebcc743115caff92a
FormBook
8842ac3497c777517b2f18152eabaa0994a460d249773a5e89a4e16bca2bd741
FormBook
a91c5af7a94238bb1556b641b9f5bc7798133b3d699a9f3d5b88b8f8fc12f091
FormBook
bf58aecacc268c49d707512236a42c80cf096b24850c3096eb056f662ecbe2e3
FormBook
ceec91127018aba0be51981277015baf08e3f0ef6fbd0a5efe5821fa698ba645
FormBook
+ 5'070 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments