MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c46bc8f7f6334e0ac2957de6b03b6a04bca97a5604c90ecbfd755a7b7fdeed59. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c46bc8f7f6334e0ac2957de6b03b6a04bca97a5604c90ecbfd755a7b7fdeed59
SHA3-384 hash: c8e79bb1cc005fa861d08b397dfa60f24de5ad130369d11abb9eeda29765a72f3c2abfb33a9d0c857bd7b988d742c4e0
SHA1 hash: 955e57a2247b91af0b2a0fd1153d0357419fef68
MD5 hash: 6a27d79466a937b0cae645969d679571
humanhash: bakerloo-cold-delaware-romeo
File name:Smldfedtba2.txt
Download: download sample
Signature FormBook
Create hunting rule
File size:143'360 bytes
First seen:2020-03-26 09:02:48 UTC
Last seen:2020-03-26 10:38:15 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 010e4797252238c32bfac12cd3f121bb (1 x FormBook)
ssdeep 768:txOFrCwD/2TgKucPo4zMtM/oaFA3rDwkRs03e/9KhrDimz6KLJ5IVAMcIyadIS8x:tA/HKTdA80lq0hrDim2EcVJcR
Threatray 4'860 similar samples on MalwareBazaar
TLSH 3CE31713BAA1C85BDC5042304F6447A54223FC24FAA60F8732CD7B1E6DF9E179DA27A5
Reporter cocaman
Tags:FormBook txt

Intelligence

File Origin
# of uploads :
3
# of downloads :
110
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Vebzenpak-7645390-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-03-26 13:19:47 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 30 (76.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=yrv4r57wgnhavquvpxtlao3kas6ks6swateq5s75ovnhw7665vmq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0bba310d0af941efeae9dd5e3bffeef258680c5633dfe1a96a4e88c8e15b5d2b
FormBook
17ccd5b98d29f09cde5b49fee52602ac5e95c462c68f09c5f07d12d8a8cd8e0f
FormBook
2a40a9e18303875b2db452783190820001c898e8374864fec29793bf43bbe401
FormBook
2bde030373678bb2df1223cd3e3c4e7f2992e30739dcc63b688368f02a100067
FormBook
70d577aba943b783ec606abcfa912bf97c9fd4f22d5e46ff1d718d350a8e4fcc
FormBook
937284137c84e1a192926206db0102c93764420508b2ff6bb6ab609cb7b55f9f
FormBook
9a4f09a04f936d38799360de7c824701e635ce56d7d014903a6934626c3042a0
FormBook
9e078800efb0d015e268e68afc688fc189ed29a927fe6df75d174365446569da
FormBook
aeeabfa8e9e939e37ea0207919fdc7451ab015e81e5b908dc6d50e8ab9bdf7eb
FormBook
b1d9adc8ee80f24960fb84adbb029695e49763faecbf559f92410d44bf28b0d3
FormBook
+ 4'850 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
  
URLhaus
https://urlhaus.abuse.ch/url/330205/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments