MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c28628e453851e95098e1706bb1d130a863b70abd4b5c316ea710f83ef68b0a1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 4

SHA256 hash: c28628e453851e95098e1706bb1d130a863b70abd4b5c316ea710f83ef68b0a1
SHA3-384 hash: 92602b8e403d279adb2791f3f304894d749fb33b91c94702b3eda075aff14a80de6d56b16ff3e214eb1ed89fe4d9e099
SHA1 hash: efca300873fa814f5aa3f345d73c6fd357297860
MD5 hash: fe37f030fa26fbfc8477adad1e0e46a5
humanhash: stream-cold-spring-maine
File name: 23e20efbddbbdda6cb7566d3d796f9f7.exe
Signature: Formbook
File size: 171'520 bytes
First seen: 2020-03-31 16:40:25 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
ssdeep: 3072:ir/PbsPU7Ax+LBAmDeFIGhGKI3uAqejBcAxyVo4RsY8aT7T6HJ:GX6myiVKI3uA95xyVvsY8q7T6HJ
Threatray: 4'971 similar samples on MalwareBazaar
TLSH: A3F3AF32D642C071E2B201B0FA7E0B7B883D4E353695A5E5E3B516E05FB48A5B52E31F
Reporter: abuse_ch
Tags: exe FormBook GuLoader


abuse_ch
Payload dropped by GuLoader from the following URL:
http://epgators.com/b/bin_encrypted_F2B10CF.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 84
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Formbook
Status: Malicious
First seen: 2020-03-31 17:55:53 UTC
AV detection: 30 of 31 (96.77%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

b63fb57edb7f45289e17d54d0443a5c65709706409f751cf98386fc5b356483b
Formbook
Executable exe c28628e453851e95098e1706bb1d130a863b70abd4b5c316ea710f83ef68b0a1 (this sample)

Dropped by: MD5 23e20efbddbbdda6cb7566d3d796f9f7
Dropped by: MD5 9ae68afa24add13b2e3c365040163b40
Dropped by: GuLoader
Dropped by: SHA256 b63fb57edb7f45289e17d54d0443a5c65709706409f751cf98386fc5b356483b
Dropped by: SHA256 23a16b269209692641e44e77e5867cf54bdc708af295754b9c2933cd6d0991a0

BLint

The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID                          Title                                                   Severity
CHECK_AUTHENTICODE          Missing Authenticode                                    high
CHECK_DLL_CHARACTERISTICS   Missing dll Security Characteristics (HIGH_ENTROPY_VA)  high

Comments