MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2e04c8c51c9ab2c5665ab1991f9200d33aa49b7ae0a8f9880986582dc8a9db0e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook

Vendor detections: 3

SHA256 hash: 2e04c8c51c9ab2c5665ab1991f9200d33aa49b7ae0a8f9880986582dc8a9db0e
SHA3-384 hash: bd070b633cf8919bd0795ed6190f0362cdb577dd5fedc5df88c51128db3d765dfcd78ebf55196d8b5367423222658ba2
SHA1 hash: c1857d293befb0d77cb0948fd9efe19e0169e3b5
MD5 hash: d911ce0fc48332cbcca9c5c1c4172f69
humanhash: summer-florida-fish-foxtrot
File name: COVID-19Vaccine.arj
Signature: FormBook
File size: 42'395 bytes
First seen: 2020-03-28 09:28:29 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 768:KGr2DefiKzLDT5Xj8pNupQvK8/1HqXc4N01ras+Y42nAFGwALCNalU:KGrhiiDT18pNupX8tqXc600s+5pEdaae
TLSH: 3B13F1DE59E4D05E2E370401F293F9A07859FF8F857D30993AB864571C2482B7A4E637
Reporter: abuse_ch
Tags: arj COVID-19 FormBook GuLoader


abuse_ch
COVID-19 themed malspam distributing GuLoader that drops FormBook:

HELO: rep.pulapint.nl
Sending IP: 67.207.88.169
From: info@rep.pulapint.nl <info@rep.pulapint.nl>
Subject: Latest vaccine release for Corona-virus(COVID-19)
Attachment: COVID-19Vaccine.arj (contains COVID-19 Vaccine.exe)

GuLoader payload URL (dropping FormBook):
https://drive.google.com/uc?export=download&id=11gsxnBxEfe18C1fAYV9kpdESsdsXUox3
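Added triage example, not code from MalwareBazaar or from abuse.ch's report: the sample above is an ARJ archive carrying an .exe, and a mail gateway or analyst can decide what such an attachment contains from the ARJ headers alone, without extracting it. The block below walks the ARJ header chain (little-endian fields, as laid out in the ARJ format: 0x60 0xEA id, basic header size, 30-byte fixed part, NUL-terminated file name and comment, header CRC-32, extended-header list, then the compressed data), verifies each basic-header CRC, flags executable file names, and hashes stored (uncompressed) entries with SHA256 so they can be looked up against a hash database such as this one. The archive it builds, the file names in it, the payload bytes and the executable-extension list are all constructed or assumed here and are not taken from the real sample.

```python
"""Header-level triage of an ARJ e-mail attachment (added example, constructed data)."""
import hashlib
import os
import struct
import zlib

ARJ_MAGIC = b"\x60\xea"   # every ARJ header, and the end-of-archive marker, starts with this
MAIN_HEADER = 2           # file type value of the archive's main header (no data follows it)
METHOD_STORED = 0         # compression method 0 = stored; methods 1-4 need an LZ decompressor
# Extensions that should not arrive inside a mailed archive (assumed list, extend as needed).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".dll"}

# Constructed stand-in for the dropped executable; a real dropper is far larger.
SAMPLE_PAYLOAD = b"MZ" + b"\x90" * 62 + b"This program cannot be run in DOS mode"


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def _build_header(file_type, method, name, payload=b""):
    """Assemble one ARJ header for the constructed sample (fields per the ARJ spec)."""
    basic = struct.pack(
        "<BBBBBBBBIIIIHHH",
        30,                   # first_hdr_size: 30 fixed bytes, no extra data
        11, 1,                # archiver version / minimum version to extract
        0, 0,                 # host OS (0 = MS-DOS), arj flags
        method,               # method (local header) or security version (main header)
        file_type, 0,         # file type, reserved
        0,                    # date/time modified
        len(payload),         # compressed size
        len(payload),         # original size
        zlib.crc32(payload),  # original file CRC
        0, 0, 0,              # entryname position, file access mode, host data
    ) + name.encode("ascii") + b"\x00" + b"\x00"   # file name, empty comment (both NUL-terminated)
    return (ARJ_MAGIC + struct.pack("<H", len(basic)) + basic
            + struct.pack("<I", zlib.crc32(basic))   # basic header CRC-32
            + struct.pack("<H", 0))                  # first extended header size: none


def build_sample_archive():
    """A minimal ARJ archive: main header, one stored .exe entry, end marker."""
    return (_build_header(MAIN_HEADER, 0, "COVID-19Vaccine.arj")
            + _build_header(0, METHOD_STORED, "COVID-19 Vaccine.exe", SAMPLE_PAYLOAD)
            + SAMPLE_PAYLOAD
            + ARJ_MAGIC + b"\x00\x00")   # basic header size 0 marks the end of the archive


def list_arj_entries(blob):
    """Walk the headers of an ARJ archive and describe each file entry, never extracting."""
    entries, pos = [], 0
    while True:
        if blob[pos:pos + 2] != ARJ_MAGIC:
            raise ValueError("no ARJ header at offset %d" % pos)
        (basic_size,) = struct.unpack_from("<H", blob, pos + 2)
        if basic_size == 0:                        # end-of-archive marker
            return entries
        basic = blob[pos + 4:pos + 4 + basic_size]
        if len(basic) != basic_size or basic_size < 32:
            raise ValueError("truncated or undersized header at offset %d" % pos)
        (stored_crc,) = struct.unpack_from("<I", blob, pos + 4 + basic_size)
        first_hdr_size, method, file_type = basic[0], basic[5], basic[6]
        comp_size, orig_size = struct.unpack_from("<II", basic, 12)
        name = basic[first_hdr_size:basic.index(b"\x00", first_hdr_size)].decode("latin-1")
        pos += 4 + basic_size + 4                  # past id, size, basic header and its CRC
        while True:                                # skip the (normally empty) extended header list
            (ext_size,) = struct.unpack_from("<H", blob, pos)
            pos += 2
            if ext_size == 0:
                break
            pos += ext_size + 4                    # extended header body plus its CRC
        if file_type != MAIN_HEADER:               # the main header carries no file data
            entries.append({"name": name, "method": method, "file_type": file_type,
                            "compressed_size": comp_size, "original_size": orig_size,
                            "data_offset": pos, "crc_ok": stored_crc == zlib.crc32(basic)})
            pos += comp_size                       # jump over the entry's data


def triage_attachment(blob):
    """Flag entries a mail gateway should reject and hash stored entries for hash lookup."""
    findings = []
    for e in list_arj_entries(blob):
        ext = os.path.splitext(e["name"])[1].lower()
        finding = {"name": e["name"], "executable": ext in EXECUTABLE_EXTS,
                   "header_crc_ok": e["crc_ok"], "sha256": None}
        if e["method"] == METHOD_STORED:           # only stored data can be hashed without decompressing
            data = blob[e["data_offset"]:e["data_offset"] + e["compressed_size"]]
            finding["sha256"] = sha256_hex(data)
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for finding in triage_attachment(build_sample_archive()):
        print(finding)
```

A header CRC mismatch is reported rather than treated as fatal, because a crafted archive can carry bad CRCs on purpose and still extract with some tools; an entry whose name changes but whose header CRC no longer matches is itself a signal. Entries compressed with methods 1-4 are listed by name and size but not hashed, since that would require an ARJ decompressor; the name check still applies to them.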

Intelligence

File Origin
# of uploads: 1
# of downloads: 76
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Grp
Status: Malicious
First seen: 2020-03-29 03:50:31 UTC
AV detection: 30 of 47 (63.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Malspam (distributed via e-mail attachment)
Malware family: FormBook
Sample: arj 2e04c8c51c9ab2c5665ab1991f9200d33aa49b7ae0a8f9880986582dc8a9db0e (this sample)
    Dropping: GuLoader
    Dropping: FormBook

Comments