MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3bd58e3b3fe712e8d7595cfbd576a96251c68a5dac230bd3e778640e8eb817ec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook
Vendor detections: 4

SHA256 hash: 3bd58e3b3fe712e8d7595cfbd576a96251c68a5dac230bd3e778640e8eb817ec
SHA3-384 hash: fff7e34f3ca10b1c6f60ed6a78efb55c943e79ed69db703877a13d210b65dd5526a49cc292f42d11f2efe796a57d3623
SHA1 hash: 8bb03c8f58ece7ae884ebc65813a072881e0dc47
MD5 hash: 2d17e4fdb9cc948f735c87dee0d0b1f8
humanhash: lima-failed-blossom-east
File name: bab67ac4055ed3e5ad900fb2e9d08296.exe
Download: download sample
Signature: Formbook
File size: 172'032 bytes
First seen: 2020-04-10 16:44:08 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
ssdeep: 3072:4/pUSPDp7TgwcjtCELtQu8MVm6GEGqlc7cByyju:lqJc5hQu8MVvPc7cByK
Threatray: 4'429 similar samples on MalwareBazaar
TLSH: E0F39E32D651C070E2B201B5F6BD077B883E4E34769594E6E3B42AE06EE44E5F52A31F
Reporter: abuse_ch
Tags: exe FormBook GuLoader


abuse_ch:
Payload dropped by GuLoader from the following URL:
http://35.182.247.94/bin_encrypted_C5F5FCF.bin

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 95
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Formbook
Status: Malicious
First seen: 2020-04-10 17:35:24 UTC
File type: PE (Exe)
AV detection: 31 of 31 (100.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

ee365f47873b354e3f10c8cd17873ec9ec15135b7e0e6648449f9de1cb7903b3
Formbook
Executable exe 3bd58e3b3fe712e8d7595cfbd576a96251c68a5dac230bd3e778640e8eb817ec (this sample)

Dropped by (MD5): bab67ac4055ed3e5ad900fb2e9d08296
Dropped by (MD5): 9a3b6376a5130dbef232d0552d303202
Dropped by: GuLoader
Dropped by (SHA256): ee365f47873b354e3f10c8cd17873ec9ec15135b7e0e6648449f9de1cb7903b3
Dropped by (SHA256): 48073aabe304b413415d5b8747c17719af84ab24eea5a0c7966985b549c85a7d

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID                          Title                                                          Severity
CHECK_AUTHENTICODE          Missing Authenticode                                           high
CHECK_DLL_CHARACTERISTICS   Missing dll Security Characteristics (HIGH_ENTROPY_VA)         high
