MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1986f889787d4d457678e2e1985b379d0b6990ed5b8ed713682d8378b9bc293d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1986f889787d4d457678e2e1985b379d0b6990ed5b8ed713682d8378b9bc293d
SHA3-384 hash: c09ae26e69a851f8b7185b553e4366ef04431652a9cb4306bd7bee9d3761241e62d59f69e3295b58d9981601e2edbe98
SHA1 hash: 6fa8f9f16a0bd37340ca6f2749448f9806c3efc8
MD5 hash: cc1aadcdfb18776be5715113f67c4e09
humanhash: twenty-indigo-autumn-pip
File name:utasarmsinc.ru_live__jon001.exe
Download: download sample
Signature Formbook
Create hunting rule
File size:503'808 bytes
First seen:2020-03-18 19:24:17 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 71040c5127865904b96d68fccb4d7ac9 (1 x Formbook)
ssdeep 6144:he/qXOrYFMZSVZkfeajB6cVYXlMbgcwA1XdrorBB0Yahuh:he9roMZSUfea1jYXlMbgCiSg
Threatray 4'684 similar samples on MalwareBazaar
TLSH 8DB4F1222014CDD0F5F663BE85B571A59747BCE478B3A10F36A6BA625F330C9AF04326
Reporter ov3rflow1
Tags:exe FormBook

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.ProtectSharewar-2
Create hunting rule

PUA.Win.Packer.ProtectSharewar-3
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2018-03-20 01:40:38 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
netwirerc
Create hunting rule
Similar samples:
20e5edeac32212fe8dcc9e5ab6f872d7e647e5e78eb707f2e0704817e3c092e0
Formbook
2ff76dce8a2f9ea8d6904b9705447ff3fb45e77fa32a3f2c446f318b4aee2148
Formbook
38bb0a1d49eb96f7fae4e2e6831184522114744b354fd2b299eafc3d76bc7a62
Formbook
455f9457f0b901603911b305f2fdab9186a395cf31e9aa8f3a29243a369a8f52
Formbook
8d703de189a2ba36e099a2276e2ba596d40c54c21eec779286667e8dd6c2e5b8
Formbook
9efeacb28688b709ed2b817977d8ace64b4b4674f5540f282017c78a32755145
Formbook
9f10a3e22fd6722a29b863e9ab03a41234d3339414331bb074226dcc3195d610
Formbook
d0c571182eb67023db9b2f8c440dfc76488b23ea51819de40bbeca16fbb9322e
Formbook
e3212a19bbf13d1e8c9d6c80be5dedd5ce5d13acfd276d8a1c29370d500196bd
Formbook
e89f7cbe30c473af31238429762b1d46ed174fefa8bf559198766fb1658905fd
Formbook
+ 4'674 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1986f889787d4d457678e2e1985b379d0b6990ed5b8ed713682d8378b9bc293d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
  
URLhaus
https://urlhaus.abuse.ch/url/229/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaSetSystemError
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaErrorOverflow

Comments