MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dad8d92536c888d1085fcbac30cde66111096cec9c76ba8ed5d71d0cc04e3402. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 4



SHA256 hash: dad8d92536c888d1085fcbac30cde66111096cec9c76ba8ed5d71d0cc04e3402
SHA3-384 hash: faeeceff046acd8834bb7625f24414c384881563529932e6924b7934abb679e59f09f7e011e4ad39b5dcc9b26c1047c7
SHA1 hash: 5cc769940c7df50321b28f9e1b3211b4483e8a4a
MD5 hash: 3dcfa59d9a24db8ba8a5196756bff2ba
humanhash: happy-florida-fish-papa
File name: a93b39f131a8b5d3d04b5b9d6984fe96.exe
Signature: FormBook
File size: 171'520 bytes
First seen: 2020-04-01 01:10:14 UTC
Last seen: 2020-04-01 06:25:08 UTC
File type: Executable exe
MIME type: application/x-dosexec
ssdeep: 3072:qTcbaP9mhm7gnI/qcVf77D5BDsPV1jYCyjMsFpV203hLNyVxWzD:3Eyn6xV/DbDsPnjVyjD00ByjWX
Threatray: 4'708 similar samples on MalwareBazaar
TLSH: 8FF3AE32D641C075E27241B1BA7D0BBB883D4D343298A5E6E3B519E06EF48A5F52E31F
Reporter: abuse_ch
Tags: exe FormBook GuLoader


abuse_ch
Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=13iOJ8T25QjN6_YpPyjQtYQ9UIdzCxcC6

Intelligence


File Origin
# of uploads: 2
# of downloads: 91
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Formbook
Status: Malicious
First seen: 2020-04-01 01:35:28 UTC
File Type: PE (Exe)
AV detection: 28 of 30 (93.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

50dd1415c09d5b0e55705c0e8246472098a86a3eb6409926a98929a0463d1383

FormBook

Executable exe dad8d92536c888d1085fcbac30cde66111096cec9c76ba8ed5d71d0cc04e3402 (this sample)

  
Dropped by: MD5 a93b39f131a8b5d3d04b5b9d6984fe96
Dropped by: MD5 d5cf816fa002462e5235f4d54a59ee2c
Dropped by: GuLoader
Dropped by: SHA256 50dd1415c09d5b0e55705c0e8246472098a86a3eb6409926a98929a0463d1383
Dropped by: SHA256 2d0e12a40642f637814aaebc32f6e96203dbc5c56a4b617cbf0327bf3f1719b9

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high
