MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2e4937d9881cbbdce22d794992382cc914b1f14543a71c17b7bfc7eb9e49a558. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	2e4937d9881cbbdce22d794992382cc914b1f14543a71c17b7bfc7eb9e49a558
SHA3-384 hash:	4d5cfd4eca6c7f28a5eb4d1ff76ad6c4233f7d101972151b35a75cb7d32836fb37aaac8d1782c49301d4028078b0f1ff
SHA1 hash:	7901f05910ea0f6feb251b891a87d8722b99dfe6
MD5 hash:	a93b9b48c74c1379c9d2d5f9654ae0dc
humanhash:	lion-pizza-zebra-autumn
File name:	8f8b3d31556992f736cb747ce3ccb669.exe
Download:	download sample
File size:	171'520 bytes
First seen:	2020-03-26 14:52:40 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
ssdeep	3072:mGyx5cub5EFmEFpXIuDjohwTqvvAMzmbU2u7+K8zy9edGh+a:wd05Iu3qwTqv4u32u71x926
Threatray	2'967 similar samples on MalwareBazaar
TLSH	6CF3AF75DA41D031E2B301F5FA7D0B7B883E0E3176A5A0E6A3A116E46EB4495B42E31F
Reporter	abuse_ch
Tags:	exe GuLoader

abuse_ch

Payload dropped by GuLoader from the following URL:
http://altoinfor.co/files/bin_encrypted_4C627F0.bin

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.PWS.Banker1.29984.UNOFFICIAL

Win.Malware.Formbook-7399661-0

Gathering data

Threat name:

Win32.Trojan.Formbook

Status:

Malicious

First seen:

2020-03-26 15:36:11 UTC

File Type:

PE (Exe)

AV detection:

46 of 48 (95.83%)

Threat level:

5/5

Verdict:

malicious

27faaaca4acb955010d7b8c16764a536c04149f2d332f99668d6ff6f292bfc20

3bd58e3b3fe712e8d7595cfbd576a96251c68a5dac230bd3e778640e8eb817ec

5628310c6fe718d77dadbc5c8cb6238faa27942517b590c2a87c07aadca429d6

7f6459ace4d6259e61c8170563af8a30f25568457902f4f717c8ad17574efab6

bf58aecacc268c49d707512236a42c80cf096b24850c3096eb056f662ecbe2e3

ca457dfbc65703fcbc3d124e7aac9933713f8788f2e04a92548ff95a23619139

ceec91127018aba0be51981277015baf08e3f0ef6fbd0a5efe5821fa698ba645

d3664113994262962936ebe74d0355986970def0cd0bcdcf088fe102047df9ba

f38d170b1da421aa60e778a64fec953d3058336f7cb06568ba7926495fe87f0c

+ 2'957 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

50a20696c8baa53210cea5dfd671cb4838fb594ca62d0e893bfac1dc2fa8e8b9

exe 2e4937d9881cbbdce22d794992382cc914b1f14543a71c17b7bfc7eb9e49a558

(this sample)

Dropped by

MD5 8f8b3d31556992f736cb747ce3ccb669

Dropped by

MD5 524d3ae301ee1488223199b1d14722fc

Dropped by

GuLoader

Dropped by

SHA256 50a20696c8baa53210cea5dfd671cb4838fb594ca62d0e893bfac1dc2fa8e8b9

Dropped by

SHA256 dcfbc65e2d4e6f6fa3738d9a8e07bdcee9ce3be56c079fc70ce3507194a82941

URLhaus

https://urlhaus.abuse.ch/url/328573/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample