MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0bba310d0af941efeae9dd5e3bffeef258680c5633dfe1a96a4e88c8e15b5d2b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	0bba310d0af941efeae9dd5e3bffeef258680c5633dfe1a96a4e88c8e15b5d2b
SHA3-384 hash:	84b5f891e0685b12af2c61f84dcc6553a90e95712577e74353ee66e46ea062f3d8d05a1ae05856cdb312c5577ca3b166
SHA1 hash:	54d85b33cb6254b726189566412230211d498280
MD5 hash:	2f0efaff39a9d5fa4017b06e279bfd17
humanhash:	spaghetti-hamper-solar-oscar
File name:	Quotation # 03020399_DISC_NOVAP (CFR) DOC000000000119111 .exe
Download:	download sample
Signature	FormBook Create hunting rule
File size:	77'824 bytes
First seen:	2020-03-19 13:32:57 UTC
Last seen:	2020-03-20 05:15:03 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f57978e471e9d552549a3fec0b9173f5 (1 x FormBook)
ssdeep	768:2dFDZA+FL6AcVhXTZXSJUz9idrV3N6mVkV+TjMw3ExREarwzMBKZvXH:2dFDWIuRVhjOBVkIh0xR+Ys
Threatray	4'831 similar samples on MalwareBazaar
TLSH	3C737D47F650EA25D554CF3E6C4AD3E111177C646AC1D68B36C6BB0F6CF00A29F2AB28
Reporter	cocaman
Tags:	exe FormBook

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Trojan.Vebzenpak-7639494-0

Win.Trojan.Vebzenpak-7639767-0

Win.Trojan.Generic-7640133-0

Win.Trojan.Vebzenpak-7699953-0

Gathering data

Threat name:

Win32.Trojan.Injector

Status:

Malicious

First seen:

2020-03-20 00:38:58 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

23 of 30 (76.67%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=bo5dcdik7fa672xj3vpdx77o6jmgqdcwgpp6dklkj2emryk3luvq._file

Verdict:

malicious

Label(s):

guloader

FormBook

06e0e3da562a627b84f328a76d70b62326e2b5a82fd28bf943b6d3dfd1f26cb7

FormBook

09c8b2cb43b6f29d1dd7c642178ab2d89357005f7928dfb6ff5bdddba7be2891

FormBook

0cbc16717ef6c0d7e1d8ac2abba091925aec1b77db20cbff97407fcd5288736b

FormBook

1cca33c129db5378e76c95d80d989373ddd042752e19a6ba3d2a6fa7dce4dd62

FormBook

2302aa79bb34eb683a91324995a9fb366bbbe55dffb53deee00b842e75ad19c0

FormBook

2909ff5bce8e72f2007455c778afbe46192919731b197e654e6e03f47cbe421f

FormBook

97d8ae62cb751e857b04d9eaa68ee2acce3d7243009bdb04639a729cdfc7cbf3

FormBook

de55a1b3e711c74c00998d9c4cb0f5da9672b109e2f362ac55f4a9f4033ffbf7

FormBook

e04b0836667f55bcc1778c62761c99af52cb5c42c14cef3962531512def2944b

FormBook

+ 4'821 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/0bba310d0af941efeae9dd5e3bffeef258680c5633dfe1a96a4e88c8e15b5d2b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar ce38110dc9c934e3d4f834adde80a7428ed1cfff7a968607fbaaeb8408d76631

FormBook

exe 0bba310d0af941efeae9dd5e3bffeef258680c5633dfe1a96a4e88c8e15b5d2b

(this sample)

Delivery method

Other

Dropped by

SHA256 ce38110dc9c934e3d4f834adde80a7428ed1cfff7a968607fbaaeb8408d76631

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
VB_API	Legacy Visual Basic API used	MSVBVM60.DLL::EVENT_SINK_AddRef

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample