MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 01d4b9a707c7984e1db24cdc49e20d9231a484f571565b9b63a77a0badd88a40. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 01d4b9a707c7984e1db24cdc49e20d9231a484f571565b9b63a77a0badd88a40
SHA3-384 hash: 803d21c8c262dfe654aea0fb458621444b6a6bea172118520fb9ed7b869cde2ae00cebdecb7e95142cfc81e18ef4c2ae
SHA1 hash: 1550f7e2b5ccd533cac7394cbf6182b20781d27c
MD5 hash: b6f9fb9bbe14c7a58e1f8271ed17965c
humanhash: texas-asparagus-alaska-artist
File name: Tax payment invoice.xz
Signature: FormBook
File size: 265'087 bytes
First seen: 2020-07-10 07:31:44 UTC
Last seen: Never
File type: xz
MIME type: application/x-rar
ssdeep: 6144:yPqPpynb/zkBwdz8Bf+ykbx2istZA+hn5d7I:wCIb/o5AxrsLAMvk
TLSH: 044423F34A0D8FE807781AE73D2203C958A9C51B782154F14E51A97CE93BA7DECA9D07
Reporter: abuse_ch
Tags: FormBook xz


abuse_ch
Malspam distributing FormBook:

HELO: [68.183.83.115]
Sending IP: 68.183.83.115
From: Hoon Ko <hoonko@capco.co.kr>
Subject: Tax payment invoice
Attachment: Tax payment invoice.xz (contains "Tax payment invoice.com")

Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Swotter
Status: Malicious
First seen: 2020-07-10 07:33:05 UTC
AV detection: 17 of 29 (58.62%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

xz 01d4b9a707c7984e1db24cdc49e20d9231a484f571565b9b63a77a0badd88a40

(this sample)

  
Dropping: FormBook
Delivery method: Distributed via e-mail attachment
