MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bb79ca40a23b15eeca9e2f343ec61a525e8facc9a14572c92eb8d4c7a4871bbc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bb79ca40a23b15eeca9e2f343ec61a525e8facc9a14572c92eb8d4c7a4871bbc
SHA3-384 hash: c287ce585d37658219d00cca424a7bb230719a33668793f3eb2283ba99b8d3c509d7fa85cc7117881f9fcc6122633ba0
SHA1 hash: e23d646b0477a97a91ee389d21adb589dfacc63f
MD5 hash: be7a436c47bbbd6bf84674032b1e82a1
humanhash: colorado-zulu-venus-alabama
File name:50909248d2356066a07b8eac5b672661.exe
Download: download sample
File size:172'032 bytes
First seen:2020-03-27 07:05:10 UTC
Last seen:2020-04-09 16:28:34 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 3072:dE9vyPTbOL5Bqve9+Jzs2jQnqKdduOJ2KPAm03O5mD:KeEqW6zs2jSVddukv0o
TLSH D3F3AF32DA41C035E2B251B5FA7D0B77883E4E34369465F5E3B02AA46FA04A5F52E31F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Payload dropped by GuLoader from the following URL:
https://onedrive.live.com/download?cid=CEA27E82624AB94F&resid=CEA27E82624AB94F%21157&authkey=AP8ffcN_EyTNAV8

Intelligence

File Origin
# of uploads :
4
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Banker1.29984.UNOFFICIAL
Create hunting rule

Win.Malware.Formbook-7399661-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Formbook
Create hunting rule
Status:
Malicious
First seen:
2020-03-27 07:35:44 UTC
File Type:
PE (Exe)
AV detection:
30 of 31 (96.77%)
Threat level:
  5/5
Verdict:
malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

GuLoader

Executable exe ced4cad0c45556ad653fa0b3f43e3312963f6d5e36f8eafe9bd5983a9b1480d6

Executable exe bb79ca40a23b15eeca9e2f343ec61a525e8facc9a14572c92eb8d4c7a4871bbc

(this sample)

  
Dropped by
MD5 50909248d2356066a07b8eac5b672661
  
Dropped by
MD5 34b8a600ccae084508bcfe499abf6e40
  
Dropped by
GuLoader
  
Dropped by
SHA256 ced4cad0c45556ad653fa0b3f43e3312963f6d5e36f8eafe9bd5983a9b1480d6
  
Dropped by
SHA256 6b07bf1ba2d4e8586e1bdde3de7dfe2e0f5ff8ff90cf52136a7bbbce52a51c9c
  
URLhaus
https://urlhaus.abuse.ch/url/330824/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments