MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bf58aecacc268c49d707512236a42c80cf096b24850c3096eb056f662ecbe2e3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 4



SHA256 hash: bf58aecacc268c49d707512236a42c80cf096b24850c3096eb056f662ecbe2e3
SHA3-384 hash: 5779dd7569d1226f2374fd829f1a384bcb1c648778c044dbd92de39fc4242c02fb71117f441af8a724f330bf2efc13a2
SHA1 hash: e0183c7c542b63c2d2a9d45f344a82a5ac954161
MD5 hash: 021ea72e6f173e2b227ef086759535be
humanhash: paris-nitrogen-oranges-alaska
File name: 7ce4dcb70294d698e6c249a343af036a.exe
Signature: FormBook
File size: 171'520 bytes
First seen: 2020-04-06 14:55:11 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
ssdeep: 3072:XFoeDoPE/SoiO4rlIjKYTnq+mm03j53tNAZ5HCO:y0bmrlm9bq+mm037NAZ5H
Threatray: 2'708 similar samples on MalwareBazaar
TLSH: 76F38D32D651C031E2B241B5FA7D0B7B883E0E347295A5E5E7A12AF05FB08A5B52D31F
Reporter: abuse_ch
Tags: exe, FormBook, GuLoader


abuse_ch
Payload dropped by GuLoader from the following URL:
https://onedrive.live.com/download?cid=E61E5F3F655316FA&resid=E61E5F3F655316FA%21115&authkey=APlIQiaATLU8Zz0

Intelligence


File Origin
# of uploads: 1
# of downloads: 98
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Formbook
Status: Malicious
First seen: 2020-04-06 15:35:26 UTC
File Type: PE (Exe)
AV detection: 30 of 31 (96.77%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample, such as its delivery method and external references.

FormBook

Executable exe bf58aecacc268c49d707512236a42c80cf096b24850c3096eb056f662ecbe2e3 (this sample)
  Dropped by: MD5 3476b3a0060168294ea87d0c40722b38
  Dropped by: GuLoader
  Dropped by: SHA256 edc9326d3500f7c8ce0ff2d9674efc4b15216c2497e4d52a1ff7bf6993538615

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID                          Title                                                    Severity
CHECK_AUTHENTICODE          Missing Authenticode                                     high
CHECK_DLL_CHARACTERISTICS   Missing dll Security Characteristics (HIGH_ENTROPY_VA)   high
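As an added example (not code from MalwareBazaar or BLint), the following Python reproduces the two checks above using only the standard library. It parses the PE optional header's DllCharacteristics field, where HIGH_ENTROPY_VA (the 64-bit high-entropy ASLR bit), DYNAMIC_BASE, NX_COMPAT and GUARD_CF live, and the security data directory (index 4), which is where an embedded Authenticode signature is recorded; "Missing Authenticode" therefore means that directory is empty. The example treats a missing HIGH_ENTROPY_VA as informational on 32-bit images because the bit has no effect there; that severity scheme, the build_minimal_pe() helper and its constructed header bytes are this example's own, and the FormBook sample itself is not included.

```python
"""Re-check BLint's Authenticode and DllCharacteristics findings on a PE header.

Added example, not MalwareBazaar's or BLint's code. Parses the headers with
struct; the sample input is a constructed minimal PE header, not a real file.
"""
import struct

# IMAGE_DLLCHARACTERISTICS_* bits from winnt.h
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA",   # 64-bit high-entropy ASLR; no effect on PE32 images
    0x0040: "DYNAMIC_BASE",      # ASLR
    0x0100: "NX_COMPAT",         # DEP
    0x4000: "GUARD_CF",          # Control Flow Guard
}
MITIGATION_FLAGS = ("HIGH_ENTROPY_VA", "DYNAMIC_BASE", "NX_COMPAT", "GUARD_CF")
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
IMAGE_DIRECTORY_ENTRY_SECURITY = 4


def inspect_pe(data: bytes) -> dict:
    """Return bitness, DllCharacteristics flags and Authenticode presence for a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER, 20 bytes
    opt = coff + 20                          # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    is_64 = magic == PE32PLUS_MAGIC
    # DllCharacteristics is at offset 70 in both the PE32 and PE32+ optional header.
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    # NumberOfRvaAndSizes / data directory array: offsets 92 / 96 (PE32), 108 / 112 (PE32+).
    n_dirs = struct.unpack_from("<I", data, opt + (108 if is_64 else 92))[0]
    dir_base = opt + (112 if is_64 else 96)
    has_authenticode = False
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For the security directory the first field is a raw file offset (not an RVA)
        # of the WIN_CERTIFICATE blob; zero offset or size means no embedded signature.
        off, size = struct.unpack_from("<II", data, dir_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
        has_authenticode = off != 0 and size != 0
    flags = sorted(name for bit, name in DLL_CHARACTERISTICS.items() if dll_chars & bit)
    return {"is_64bit": is_64, "dll_characteristics": dll_chars,
            "flags": flags, "has_authenticode": has_authenticode}


def findings(info: dict) -> list:
    """BLint-style (id, title, severity) rows; the severity scheme is this example's own."""
    out = []
    if not info["has_authenticode"]:
        out.append(("CHECK_AUTHENTICODE", "Missing Authenticode", "high"))
    for name in MITIGATION_FLAGS:
        if name in info["flags"]:
            continue
        # HIGH_ENTROPY_VA only changes anything for 64-bit images, so on PE32 it is
        # informational rather than a genuinely missing mitigation.
        sev = "info" if name == "HIGH_ENTROPY_VA" and not info["is_64bit"] else "high"
        out.append(("CHECK_DLL_CHARACTERISTICS",
                    "Missing dll Security Characteristics (%s)" % name, sev))
    return out


def build_minimal_pe(dll_chars: int, signed: bool, is_64: bool = False) -> bytes:
    """Constructed test input: a bare PE header (no sections, no code) with the given flags."""
    opt_len = 240 if is_64 else 224
    pe = bytearray(64 + 4 + 20 + opt_len)
    pe[0:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 64)                                # e_lfanew
    pe[64:68] = b"PE\0\0"
    machine = 0x8664 if is_64 else 0x14C                                # AMD64 / I386
    struct.pack_into("<HHIIIHH", pe, 68, machine, 0, 0, 0, 0, opt_len, 0x0002)
    opt = 88
    struct.pack_into("<H", pe, opt, PE32PLUS_MAGIC if is_64 else PE32_MAGIC)
    struct.pack_into("<H", pe, opt + 70, dll_chars)
    struct.pack_into("<I", pe, opt + (108 if is_64 else 92), 16)        # NumberOfRvaAndSizes
    if signed:
        # Point the security directory at a (fictitious) certificate blob past the header.
        dir_base = opt + (112 if is_64 else 96)
        struct.pack_into("<II", pe, dir_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, len(pe), 0x1000)
    return bytes(pe)


if __name__ == "__main__":
    # Unsigned PE32 with ASLR and DEP but without HIGH_ENTROPY_VA, like the findings above.
    info = inspect_pe(build_minimal_pe(dll_chars=0x0140, signed=False))
    for row in findings(info):
        print("%-26s %-56s %s" % row)
```

To run it against a real file, replace the constructed header with the file's bytes (`inspect_pe(open(path, "rb").read())`); a populated security directory only tells you a signature blob is present, not that it verifies, so a signed-looking dropper still needs the chain checked with signtool or osslsigncode.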

Comments