MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 52b517b0e9be1efed3349ff5b7e7e4a392881437d7bc9ccd7b94bbc23e28a2f9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook
Vendor detections: 4

SHA256 hash: 52b517b0e9be1efed3349ff5b7e7e4a392881437d7bc9ccd7b94bbc23e28a2f9
SHA3-384 hash: 6ec82fc95f7f52f98f74345b7ee43593cb601b518922b12d9a1d904aca732f284e8dde5a9dfceb25fd213cf8007d6477
SHA1 hash: b5ee2386390621aeb724820cc4fa3ce81792fcd1
MD5 hash: 505fd01868648084fe3823eb1d42b024
humanhash: winter-nevada-alaska-tennessee
File name: 57583c08f62e6451d1f9147103fe5f8c.exe
Signature: Formbook
File size: 172'032 bytes
First seen: 2020-04-09 18:28:21 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
ssdeep: 3072:vk629DPwlwvvye18fnNPXj6qHMJ74jHckl//BXL4Efj3DEZfCXQiOe:c9cJeytjxH07W8klB0Ef/sf8jOe
Threatray: 5'107 similar samples on MalwareBazaar
TLSH: A0F3AE31D641C035E2B251B5F67D0B7B883E4E34329564F6E3B52AA06FA44A5F42E31F
Reporter: abuse_ch
Tags: exe FormBook GuLoader
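Before trusting any of the IOCs on this page, an analyst normally confirms that the file in hand really is this sample. The following Python routine is an added example (not code from MalwareBazaar): it streams a file through the four digests listed above and compares them with this entry's record, normalising hex case. The record values are copied from the entry; the only assumption is the input you feed it, and the bytes used in the test are constructed.

```python
import hashlib
import sys

# Digests exactly as listed in this MalwareBazaar entry.
ENTRY = {
    "sha256": "52b517b0e9be1efed3349ff5b7e7e4a392881437d7bc9ccd7b94bbc23e28a2f9",
    "sha3_384": "6ec82fc95f7f52f98f74345b7ee43593cb601b518922b12d9a1d904aca732f284e8dde5a9dfceb25fd213cf8007d6477",
    "sha1": "b5ee2386390621aeb724820cc4fa3ce81792fcd1",
    "md5": "505fd01868648084fe3823eb1d42b024",
}
# hashlib names for the four algorithms the entry prints (SHA3-384 is "sha3_384").
ALGORITHMS = ("sha256", "sha3_384", "sha1", "md5")


def hash_bytes(data: bytes) -> dict:
    """Digest an in-memory blob with every algorithm the entry lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hashers in a single pass (one read, four digests)."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_entry(hashes: dict, entry: dict = ENTRY) -> dict:
    """Per-algorithm comparison against the record; hex case is normalised.

    Only algorithms present in the record are compared. Any False means the file
    is not the sample this entry describes (or a hash was copied wrongly); either
    way the page's IOCs should not be attached to that file.
    """
    return {alg: hashes[alg].lower() == entry[alg].lower()
            for alg in ALGORITHMS if alg in entry}


def is_same_sample(hashes: dict, entry: dict = ENTRY) -> bool:
    """True only when every listed digest agrees with the record."""
    return all(match_entry(hashes, entry).values())


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-file>
    computed = hash_file(sys.argv[1])
    for alg, ok in match_entry(computed).items():
        print(f"{alg:8s} {computed[alg]}  {'match' if ok else 'MISMATCH'}")
    sys.exit(0 if is_same_sample(computed) else 1)
```

Comparing all four digests rather than only SHA256 also catches the common copy-and-paste mistake of pairing a hash with the wrong algorithm column when IOCs are transcribed into another tool.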


Comment by abuse_ch:
Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=1ai-YOkwECbZKHyxZE6AWzmAVFp5Aj4qU

Intelligence

File Origin
# of uploads: 1
# of downloads: 92
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Formbook
Status: Malicious
First seen: 2020-04-09 18:35:48 UTC
File Type: PE (Exe)
AV detection: 31 of 31 (100.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Related samples (as rendered on the page):
  22334d4341ded8f8d453fad36b3bf9d490c9d2139be3d5fcb3b3b627d0cf348f
    -> Formbook, Executable exe, 52b517b0e9be1efed3349ff5b7e7e4a392881437d7bc9ccd7b94bbc23e28a2f9 (this sample)

Relationship   Identifier
Dropped by     MD5 57583c08f62e6451d1f9147103fe5f8c
Dropped by     MD5 65458dd04a7eaaa1f14654c8150021db
Dropped by     GuLoader
Dropped by     SHA256 22334d4341ded8f8d453fad36b3bf9d490c9d2139be3d5fcb3b3b627d0cf348f
Dropped by     SHA256 99221889e7e8f622e84b1f953bfb44fd1bbd9a5ab9ceafaf884ef8deb5946805

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID                         Title                                                    Severity
CHECK_AUTHENTICODE         Missing Authenticode                                     high
CHECK_DLL_CHARACTERISTICS  Missing dll Security Characteristics (HIGH_ENTROPY_VA)   high
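The two findings above come straight from the PE optional header: the Authenticode signature, when present, is referenced by the Security data directory, and HIGH_ENTROPY_VA is one bit of the DllCharacteristics field. The Python below is an added example, not BLint's own code, that re-implements those two checks with only the standard library so the meaning of each row can be confirmed on any PE. The header offsets and flag values are the documented PE/COFF ones; `build_pe_header` and the check names are ours, and it constructs a minimal, non-loadable header purely so the linter can be exercised without a real binary. One caveat when reading BLint output: HIGH_ENTROPY_VA only has an effect on 64-bit (PE32+) images, so this example does not report it as missing on a PE32 image.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* bits as documented in the PE/COFF specification.
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA",
    0x0040: "DYNAMIC_BASE",
    0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT",
    0x0400: "NO_SEH",
    0x4000: "GUARD_CF",
}
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
SECURITY_DIR_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: where the Authenticode blob lives
# Flags this example treats as required (hypothetical policy mirroring the BLint rows above).
REQUIRED_FLAGS = ("NX_COMPAT", "DYNAMIC_BASE", "HIGH_ENTROPY_VA")


def lint_pe(data: bytes) -> dict:
    """Parse the PE headers and return BLint-style (id, title, severity) findings."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: no PE signature")
    opt = e_lfanew + 4 + 20  # skip the signature and the 20-byte IMAGE_FILE_HEADER
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError(f"unsupported optional header magic {magic:#x}")
    # DllCharacteristics sits at +70 in both the PE32 and the PE32+ optional header.
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    # NumberOfRvaAndSizes (then the directory array) follows the stack/heap sizes,
    # which are 4 bytes each in PE32 and 8 bytes each in PE32+.
    ndirs_off = opt + (92 if magic == PE32_MAGIC else 108)
    (ndirs,) = struct.unpack_from("<I", data, ndirs_off)
    sec_size = 0
    if ndirs > SECURITY_DIR_INDEX:
        _rva, sec_size = struct.unpack_from("<II", data, ndirs_off + 4 + 8 * SECURITY_DIR_INDEX)
    flags = {name for bit, name in DLL_CHARACTERISTICS.items() if dll_chars & bit}
    missing = [f for f in REQUIRED_FLAGS if f not in flags]
    if magic == PE32_MAGIC and "HIGH_ENTROPY_VA" in missing:
        missing.remove("HIGH_ENTROPY_VA")  # only meaningful for 64-bit images
    findings = []
    if sec_size == 0:
        findings.append(("CHECK_AUTHENTICODE", "Missing Authenticode", "high"))
    if missing:
        findings.append(("CHECK_DLL_CHARACTERISTICS",
                         "Missing dll Security Characteristics (%s)" % ", ".join(missing),
                         "high"))
    return {"magic": magic, "dll_characteristics": flags,
            "has_authenticode": sec_size > 0, "findings": findings}


def build_pe_header(magic: int, dll_chars: int, security_size: int = 0) -> bytes:
    """Construct a minimal, non-loadable PE header (test fixture, not a real binary)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_len = 224 if magic == PE32_MAGIC else 240     # fixed part + 16 data directories
    machine = 0x14C if magic == PE32_MAGIC else 0x8664  # i386 / x64
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_len, 0)
    opt = bytearray(opt_len)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dll_chars)
    ndirs_off = 92 if magic == PE32_MAGIC else 108
    struct.pack_into("<I", opt, ndirs_off, 16)
    struct.pack_into("<II", opt, ndirs_off + 4 + 8 * SECURITY_DIR_INDEX,
                     0x1000 if security_size else 0, security_size)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        for check_id, title, severity in lint_pe(fh.read())["findings"]:
            print(f"{check_id}\t{title}\t{severity}")
```

A non-empty Security directory only tells you a signature blob is attached; whether it verifies, and who signed it, needs a real Authenticode check. The absence of a signature, as in this entry, is the norm for droppers and is a hardening observation rather than a malware indicator by itself.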

Comments