MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c3afc46062e988f282b2f82566de29da21a7d37d3e2ebdbb4097a8f23f5e9309. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c3afc46062e988f282b2f82566de29da21a7d37d3e2ebdbb4097a8f23f5e9309
SHA3-384 hash: 39d6b517447688d1ab686a42bfb2899099619c748bc4869d995713c1b64defe653ff63eef8765e8b2123ef53807e05a4
SHA1 hash: b918b3e3a5ccee8c8b2a97fae374fbf89d1a6180
MD5 hash: 5452d8a0d215ef0e43bd4e3cafc5d1d7
humanhash: echo-oranges-emma-lamp
File name:SBA_Payroll_Protection_Application_Documents_Prom_Note_Benef.exe
Download: download sample
Signature Formbook
Create hunting rule
File size:172'032 bytes
First seen:2020-04-15 13:37:14 UTC
Last seen:2020-04-15 14:53:55 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash cb219b7c69885cac8897f95a8da644ca (1 x Formbook)
ssdeep 3072:zT93Evnl7Ku8o0zmnimUrvVP5LFJZEe6b:t+l7K1o0zCimUrvVP5LFJZEe
Threatray 165 similar samples on MalwareBazaar
TLSH 21F3940BB65CBFADD6494AB2793887B40258FF775900790BB9C9FD2F057128CB8126D2
Reporter James_inthe_box
Tags:exe FormBook

Intelligence

File Origin
# of uploads :
2
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Formbook-7668167-0
Create hunting rule

Result
Threat name:
Remcos FormBook
Create hunting rule
Detection:
malicious
Classification:
phis.troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/342167
Behaviour
Behavior Graph:
n/a
Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-04-14 21:29:00 UTC
File Type:
PE (Exe)
Extracted files:
2
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=yox4iydc5gepfavs7aswnxrj3iq2pu35hyxl3o2as6upep26smeq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0282b710d24b3d098017e3231c93e1b46bf8586a6e0cc83ec76f2a1d710c6813
Formbook
0603ab9e9dc5a76e493232f85c474f3a7e9eeaa937158916b7df9466dc01106f
Formbook
4e7757f18ae0c6aeac44ed49de53657e81d46474c75c431b291e3e5712b94045
Formbook
6a07e270c189e9059526fc2570c7e4039f1140115e2f8544bba2b6f5923ac2ce
Formbook
92714bd064db14df090e83922023d6ebc0e515909e223e9277a35c570b0a36e0
Formbook
a3c2207806f9be710f3a1d1cbf1149a708bb080946e2368c8e826f5cef2293e4
Formbook
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
Formbook
b833d79953fe177a48a5832ce2606c41d00f0d5b9bd31ceb25d3055a3850c2f7
Formbook
e6bdca558fb485e6ac7295d20f868902f2b790bc147fb3ab1e3a6628280d40f3
Formbook
e920edae93d44363b7f23b7eb55d9074a5781ab05cdace625283ba73bc411524
Formbook
+ 155 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaFileOpen

Comments