MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a6cc856405546af76f769ae3148e782571675af436ae9701c17d081266d6c835. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a6cc856405546af76f769ae3148e782571675af436ae9701c17d081266d6c835
SHA3-384 hash: 20c3a8ee860bc41a92915f13516a2fbc123e00a3ab1ddbade00baa9ed469ae8f9d15317b0186ae48dc31ebee467178c5
SHA1 hash: 89dba75b13a506ee5042b5636c06555baf85050c
MD5 hash: 43927d58e211d5a2d2670bf46b1d9884
humanhash: five-oregon-queen-venus
File name:SBA_Disaster_Application_Confirmation_Documents_COVID_Relief.exe
Download: download sample
Signature FormBook
Create hunting rule
File size:155'648 bytes
First seen:2020-04-02 13:53:33 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 15df1aacace26a2bece22bb2e921b929 (1 x FormBook)
ssdeep 1536:Oc1+q/PbOaHGDcfZUaYrR2Y1THHHs9PjB:aOPGIZgR2Y1b69
Threatray 1'077 similar samples on MalwareBazaar
TLSH 58E3640BBA0CDB9CD2584EB2BD3947B84218FF735D446907B9C5FF2E297114DA902AD2
Reporter James_inthe_box
Tags:exe FormBook

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Remcos-7646000-0
Create hunting rule

Win.Malware.Generic-7650553-0
Create hunting rule

Result
Threat name:
Remcos GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/337140
Behaviour
Behavior Graph:
n/a
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-01 23:46:33 UTC
File Type:
PE (Exe)
Extracted files:
2
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=u3gikzafkrvpo33wtlrrjdtyevywowxug2xjoaobpuebezwwza2q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
006bb451c7207fa375e67a1684a97136a46beea1ff74e193eb4bbf6665a0ec9b
FormBook
09476389f92f23216cbb99cf3dce7e07deee2fdc29d63b066aef91e9b1a78197
FormBook
15c365dfb62dc041e46ede5ae90f2e0966d1000b5936f0ed5d68f5d10e813171
FormBook
2ed2a56967e7cb3e18b8b2cb910b9e6d356a52a9b65a05309c36ec62fa09773c
FormBook
6f47b4825836d58654b05deac55c892825a83e479c406b9b027a0dc6bd8e3938
FormBook
9d545cae8b73e11800aaf794b2919bb8972511e4e217eaf1a51c3f38c17bb412
FormBook
a570592bf5a21c1f55712fcec60a0536fedabe28b409d9a48fdc499185e154ff
FormBook
d7162b14867eff2ee6b1c0506f91c4e8c1a1cea0ddae632bd49156a179549772
FormBook
f17d48c8d179de191e519fa908648b977c09f91803b898d8e4fada52e423a8df
FormBook
fd70366a0abed417301e2a312927e5697e8ded01a50c830b408978fb61ff9241
FormBook
+ 1'067 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments