MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8a6622b98eb19be1842c8bef0b5922125168c4abb5121603ebaa6b0f21e2b124. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 4



SHA256 hash: 8a6622b98eb19be1842c8bef0b5922125168c4abb5121603ebaa6b0f21e2b124
SHA3-384 hash: 8e3584fd410d9d276c615a3971774296b9fbae1b755c4952a54fceca6edc8d51cac2ab22a149e0a11647dc46f967e7d6
SHA1 hash: 6ac6a43f2911de10620b18d496c53ff0e0b84045
MD5 hash: c15a202d6fb42e11bedae1de042cad26
humanhash: delta-pennsylvania-two-kitten
File name: 1d8ca065861fee484f3f87c82981087f.exe
Signature: FormBook
File size: 172'032 bytes
First seen: 2020-04-01 07:10:15 UTC
Last seen: 2020-04-02 08:10:10 UTC
File type: Executable exe
MIME type: application/x-dosexec
ssdeep: 3072:+4gBOzGPbf5hKiPPlRJYyRu5TNkhoOzKSsNVOqQTpeqoUrbd+:sOuHPrXOTNkhomBZS6d+
Threatray: 4'792 similar samples on MalwareBazaar
TLSH: F8F39D32DA41D071E1B241F5B67D0B77883E0E393695A0E6A3A525F06FB08A5F52E31F
Reporter: abuse_ch
Tags: exe FormBook GuLoader


abuse_ch
Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=1ep_uZrtYblIkKbE3NYOpw7FllT2aH0T3

Intelligence


File Origin
# of uploads: 2
# of downloads: 89
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Formbook
Status: Malicious
First seen: 2020-04-01 07:35:27 UTC
File Type: PE (Exe)
AV detection: 29 of 30 (96.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by: MD5 1d8ca065861fee484f3f87c82981087f
Dropped by: MD5 02cd5bbc2556fc1deeef7d8f56b05f04
Dropped by: GuLoader
Dropped by: SHA256 13c6eae49f77952ba7ce631f0ad1f8f06498eecdba9b638a96d7ff70711a2476
Dropped by: SHA256 8fcf3d312504a2ec17b1471c8e6168fa98588166701d5c944c9c98c79d8e29e2

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high
