MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 74d63d3b59e6068fdfa650d8a583b15a80e6a4dc68b54e38f4f21f5797a0f1b2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: FormBook
Vendor detections: 4

SHA256 hash: 74d63d3b59e6068fdfa650d8a583b15a80e6a4dc68b54e38f4f21f5797a0f1b2
SHA3-384 hash: 111bd72381659d448d924d2ebd9f80b117300869311c79f4dabe380b6cc423d0a24f6a8df1bad8c94d72d9faa24e0eb1
SHA1 hash: 5eee76767b1a74ff92ce0e46c4e5a02e0f6a186f
MD5 hash: fe131a31e142f27c997f23e6df3489f1
humanhash: montana-eighteen-quebec-edward
File name: 8197ccfdbce15f81d6ad05daecd80af5.exe
Signature: FormBook
File size: 172'032 bytes
First seen: 2020-04-05 21:25:06 UTC
Last seen: 2020-04-08 17:02:39 UTC
File type: Executable exe
MIME type: application/x-dosexec
ssdeep: 3072:VT0RKdsP9UvYcj040c+2uijEXY3rOktXkLBvleVLt/:uk6w04dXHjKY7tME1
Threatray: 3'314 similar samples on MalwareBazaar
TLSH: 01F39E36DA51C031E2B201B1F6BD0B7B883E4E34769551F6E3A126A06FB08A5F52931F
Reporter: abuse_ch
Tags: exe FormBook GuLoader
abuse_ch
Payload dropped by GuLoader from the following URL:
http://castmart.ga/~zadmin/icloud/j1_encrypted_798BCE0.bin

Intelligence

File Origin
# of uploads: 2
# of downloads: 92
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Formbook
Status: Malicious
First seen: 2020-04-05 21:35:27 UTC
File Type: PE (Exe)
AV detection: 29 of 31 (93.55%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample, such as its delivery method and external references.

806b51377a121da11b0ac5d62e8d9249eeb48fc29c1477e355a55b00e0e3308b
  FormBook
    Executable exe 74d63d3b59e6068fdfa650d8a583b15a80e6a4dc68b54e38f4f21f5797a0f1b2 (this sample)

Dropped by: MD5 8197ccfdbce15f81d6ad05daecd80af5
Dropped by: MD5 fe633200da3e563bc6680bc720a685ae
Dropped by: GuLoader
Dropped by: SHA256 806b51377a121da11b0ac5d62e8d9249eeb48fc29c1477e355a55b00e0e3308b
Dropped by: SHA256 82703cd0470821f9a88d3da005aa5322bd1c95d92bdf7a1cfaf80f663197e8ee

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID                         Title                                                   Severity
CHECK_AUTHENTICODE         Missing Authenticode                                    high
CHECK_DLL_CHARACTERISTICS  Missing dll Security Characteristics (HIGH_ENTROPY_VA)  high

Comments