MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 023e360fe946d94c75b1e635679abf6fd80e80e899adb8919ce49ef7be777cd7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 023e360fe946d94c75b1e635679abf6fd80e80e899adb8919ce49ef7be777cd7
SHA3-384 hash: 6976b9f45e9621268e8db2bc189c4a74bad0de94199f60a84ea2b214ff644be3c524f5ba99c549b5bbaca3093a4755e2
SHA1 hash: a38b904514bf1157a8aea3c6a7772c78ac87b3ad
MD5 hash: 52876aedc7776583bb01d658ac902e57
humanhash: enemy-edward-oklahoma-kitten
File name:specification pdf.zip
Download: download sample
Signature FormBook
Create hunting rule
File size:356'417 bytes
First seen:2020-07-06 06:24:02 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:opB9irzf/c1eIMGiHme9/X2e8jxIprhG665XdIxJKQD038IGS76INFlps0NVDnx9:i+rzf/chyHmw/GvKro5RdIX103FGY6Iz
TLSH E07423C03157D516DC29EDFDF3A179E83EF881917B3A28D28E3B7E0D8095E539A49940
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: server162.net218.intbildns.org
Sending IP: 185.126.218.162
From: donghanhviet@donghanhviet.com.vn
Reply-To: donghanhviet@donghanhviet.com.vn
Subject: Re: Noze of Disptach-- your order PBS-9660003 -- ISS Q7458-A-R0
Attachment: specification pdf.zip (contains "specification pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
476
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/023e360fe946d94c75b1e635679abf6fd80e80e899adb8919ce49ef7be777cd7/
Threat name:
Win32.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-07-06 06:25:07 UTC
AV detection:
25 of 47 (53.19%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ai7dmd7ji3muy5nr4y2wpgv7n7ma5ahitgw3rem44spppptxptlq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 023e360fe946d94c75b1e635679abf6fd80e80e899adb8919ce49ef7be777cd7

(this sample)

FormBook

Executable exe ea757d5009b479c116f888667fe901ed1c2f5687d26cd611df29298c17529153

  
Dropping
MD5 fb13e3dcc3c273bb12dcd78ad2dc6ab1
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ea757d5009b479c116f888667fe901ed1c2f5687d26cd611df29298c17529153

Comments