MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f59beda320367cafabde03dd3b8447f13afc115e66c2f0a6833bb84e64eb2017. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook

Vendor detections: 4

SHA256 hash: f59beda320367cafabde03dd3b8447f13afc115e66c2f0a6833bb84e64eb2017
SHA3-384 hash: 8be8887869144121a718b7f79bdc789c2c06ae3a519af37dcc009921b843c513c38dbf589367f39b4102f96c9064040b
SHA1 hash: 15a5e6971e12aa8ddd61104d8370a594c8571475
MD5 hash: 02c00f5fa742c303c8454c837a362a1e
humanhash: uncle-ohio-lithium-winner
File name: 6d9beb5352bd5e95918a6108a16b5e62.decoded
Signature: FormBook
File size: 172'032 bytes
First seen: 2020-03-26 13:45:37 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
ssdeep: 3072:PEiEGZPD55RqEpL+fGcED1RZSBLhjh9hnSeC4KZXgyfd8dFPluriNU/:s0NQ2LgsDPZSBLhjwWIX3+Lciy/
Threatray: 2'213 similar samples on MalwareBazaar
TLSH: 3CF39E32D551C031E2B241B5BA7D0B7B893D0E38329464AAE3B52AE45FB44E5B53E31F
Reporter: abuse_ch
Tags: exe FormBook GuLoader


abuse_ch
Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=1khmr0RVYpNzIRVZHmHVxySw53xZXLnQ5

Intelligence

File Origin
# of uploads: 1
# of downloads: 91
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Formbook
Status: Malicious
First seen: 2020-03-26 13:48:31 UTC
AV detection: 30 of 31 (96.77%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

This sample: Executable exe f59beda320367cafabde03dd3b8447f13afc115e66c2f0a6833bb84e64eb2017 (FormBook)

Dropped by:
- MD5 6d9beb5352bd5e95918a6108a16b5e62
- MD5 d472dab46bbc96f960be5ad95352181c
- GuLoader
- SHA256 1d37a4cdb037f1ea778edc149b4d31fa3142e919358719b255f755b88860db4e
- SHA256 d19da9c6f5ca0b6b6c4ab64720d01a5dd7d1f4ab41bcc937475b66a7ba30bc79

BLint

The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID                         | Title                                                    | Severity
CHECK_AUTHENTICODE         | Missing Authenticode                                     | high
CHECK_DLL_CHARACTERISTICS  | Missing dll Security Characteristics (HIGH_ENTROPY_VA)   | high

Comments