MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 55c20b7d42d163bbdc5d787f8e622becd090703a7c2002bd151c45f43bd07501. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 4

SHA256 hash: 55c20b7d42d163bbdc5d787f8e622becd090703a7c2002bd151c45f43bd07501
SHA3-384 hash: 81aac9ab05b83edcf3fea8eff35b030bbf76387c965f9107f850e6d73946f74c61be0d4ec228d61c25a580afdd67abe7
SHA1 hash: 1e3d2e3ad339c9a7d6b7f60495e7db039e3dfb7d
MD5 hash: 8a6b5cbe466dd587f378a21456bd031b
humanhash: oxygen-pasta-utah-coffee
File name: b7dd9ec6822e25172d19f7c537f20916.decoded
Signature Formbook
File size: 172'032 bytes
First seen: 2020-03-26 13:48:08 UTC
Last seen: 2020-04-06 15:00:12 UTC
File type: Executable exe
MIME type: application/x-dosexec
ssdeep 3072:WQfqUaLPvY4iLPNQ5aiTbXgpkD9VI9HVUESFtAIcrMT:WuIjsN0TbgpkD9G9HVUdFtgo
Threatray 4'710 similar samples on MalwareBazaar
TLSH 6EF39D31D641C031E2B241B5BABD0B7B483E0E343699A4E6E3A516E16FE4895F53E31F
Reporter abuse_ch
Tags:exe FormBook GuLoader


abuse_ch
Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=1aE3PIzftFePO74HVisnOvIGOqM0nAiDL

Intelligence


File Origin
Uploads: 2
Downloads: 87
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Formbook
Status: Malicious
First seen: 2020-03-26 14:35:44 UTC
AV detection: 43 of 47 (91.49%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download

Signature: Formbook
Executable exe 55c20b7d42d163bbdc5d787f8e622becd090703a7c2002bd151c45f43bd07501 (this sample)
  Dropped by: MD5 6ad75c33622eaa8ba0755a004112375f
  Dropped by: GuLoader
  Dropped by: SHA256 8df707caa4bc942d3ef9c59358028b718497a0cbd335c8c283efb6d1e8e34a87

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID                         Title                                                    Severity
CHECK_AUTHENTICODE         Missing Authenticode                                     high
CHECK_DLL_CHARACTERISTICS  Missing dll Security Characteristics (HIGH_ENTROPY_VA)   high
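As an added example (not part of this MalwareBazaar page and not BLint's own code), the following Python script reproduces the two findings in the table above by reading the PE headers directly: it locates the optional header via e_lfanew, tests the HIGH_ENTROPY_VA bit of DllCharacteristics, and checks whether the certificate-table data directory (where an Authenticode signature lives) is populated and in bounds. The header-only PE32+ image it builds in memory, the helper names and the severity strings are constructed assumptions for illustration; a present certificate table is only checked for existence, not validated.

```python
import struct
import sys

# IMAGE_DLLCHARACTERISTICS_* bits from the PE/COFF specification.
DLLCHAR_HIGH_ENTROPY_VA = 0x0020
DLLCHAR_DYNAMIC_BASE = 0x0040
DLLCHAR_NX_COMPAT = 0x0100
DLLCHAR_GUARD_CF = 0x4000

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # certificate table (Authenticode signature)


def parse_pe(data: bytes) -> dict:
    """Return the optional-header magic, DllCharacteristics and the
    certificate-table data directory (file offset, size) of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt = e_lfanew + 4 + 20  # skip 'PE\0\0' and the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:        # PE32: data directories start at offset 96
        dd_base = opt + 96
    elif magic == 0x20B:      # PE32+: 64-bit fields push them to offset 112
        dd_base = opt + 112
    else:
        raise ValueError(f"unexpected optional header magic {magic:#x}")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    # NumberOfRvaAndSizes immediately precedes the directory table.
    (n_dirs,) = struct.unpack_from("<I", data, dd_base - 4)
    sec_off = sec_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_off, sec_size = struct.unpack_from(
            "<II", data, dd_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return {"magic": magic, "dll_characteristics": dll_chars,
            "security_offset": sec_off, "security_size": sec_size}


def has_authenticode(data: bytes) -> bool:
    """True when a certificate table is present and lies inside the file.
    Unlike the other directories its address is a raw file offset. This only
    shows that a signature blob exists; it does not validate the signature."""
    pe = parse_pe(data)
    off, size = pe["security_offset"], pe["security_size"]
    return off != 0 and size >= 8 and off + size <= len(data)


def findings(data: bytes) -> list:
    """Emit (id, title, severity) tuples in the style of the BLint table above."""
    pe = parse_pe(data)
    out = []
    if not has_authenticode(data):
        out.append(("CHECK_AUTHENTICODE", "Missing Authenticode", "high"))
    if not pe["dll_characteristics"] & DLLCHAR_HIGH_ENTROPY_VA:
        out.append(("CHECK_DLL_CHARACTERISTICS",
                    "Missing dll Security Characteristics (HIGH_ENTROPY_VA)", "high"))
    return out


def build_minimal_pe(dll_characteristics: int, signed: bool) -> bytes:
    """Constructed, header-only PE32+ image for demonstration (no sections, no
    code, not loadable). Optionally appends a dummy WIN_CERTIFICATE record."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)               # e_lfanew -> 'PE\0\0'
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x0022)  # AMD64, 240-byte opt hdr
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)               # PE32+ magic
    struct.pack_into("<H", opt, 70, dll_characteristics)
    struct.pack_into("<I", opt, 108, 16)                # NumberOfRvaAndSizes
    image = dos + b"PE\0\0" + coff + opt
    if signed:
        # WIN_CERTIFICATE: dwLength, wRevision=0x0200, wCertificateType=PKCS#7, dummy body
        cert = struct.pack("<IHH", 16, 0x0200, 0x0002) + b"\0" * 8
        struct.pack_into("<II", image, 64 + 24 + 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         len(image), len(cert))
        image += cert
    return bytes(image)


if __name__ == "__main__":
    # Pass a real PE on the command line, or run on the two constructed images.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            samples = {sys.argv[1]: fh.read()}
    else:
        samples = {
            "unsigned, no HIGH_ENTROPY_VA": build_minimal_pe(0, signed=False),
            "signed, hardened": build_minimal_pe(
                DLLCHAR_HIGH_ENTROPY_VA | DLLCHAR_DYNAMIC_BASE | DLLCHAR_NX_COMPAT, signed=True),
        }
    for name, blob in samples.items():
        print(name)
        for fid, title, sev in findings(blob) or [("-", "no findings", "-")]:
            print(f"  {fid:<26} {title:<56} {sev}")
```

Two caveats when reading these findings on a real sample: HIGH_ENTROPY_VA only has an effect for 64-bit images, so on a Win32 sample such as this one its absence is informational rather than a weakened mitigation; and an absent Authenticode table is the norm for malware, so its value here is as a triage signal (an unsigned file mis-named as a ".decoded" payload), not as proof of maliciousness.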
