MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 07bb8a93f7d3775c5c6154a7865bbe02078b40bbe7f34d10a7d928257cd9b001. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 07bb8a93f7d3775c5c6154a7865bbe02078b40bbe7f34d10a7d928257cd9b001
SHA3-384 hash: 3edbf4b02cca0d2da0d70ff2841b9b3284a5e99cf79acda2cc42eb81f6d90a717d5f5e1ca7b8ef15863824bf48bede95
SHA1 hash: dbef05ea3905faa063782911ab2e164828772a82
MD5 hash: 5e7108e0ad42dcf1dcef0f1681bdefba
humanhash: oxygen-pip-emma-island
File name:Account_details.rar
Download: download sample
Signature FormBook
Create hunting rule
File size:240'259 bytes
First seen:2020-06-05 10:17:30 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:l0Cy2CWTqRS3RKS7AIlAR+g8QFMN9hpfMT7z5XI3lLB4A:l0Cy9WTqc3UgAP8QFeKVXI3lLOA
TLSH BF34238D4C886DE2C759D3261DD4B75103BCEC1CC0A1A3D9FB7D17B39218C5AA9C669C
Reporter abuse_ch
Tags:FormBook MailChannels rar


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: brown.elm.relay.mailchannels.net
Sending IP: 23.83.212.23
From: gareth@bewandco.com
Subject: Re: bank details
Attachment: Account_details.rar (contains "Bank_details.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Backdoor.NanoCore
Create hunting rule
Status:
Malicious
First seen:
2020-06-05 07:47:48 UTC
AV detection:
19 of 31 (61.29%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=a65yve7x2n3vyxdbkstymw56aidywqf347zu2efh3euck7gzwaaq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 07bb8a93f7d3775c5c6154a7865bbe02078b40bbe7f34d10a7d928257cd9b001

(this sample)

FormBook

Executable exe 783c6835be34af1803983890ec14e1edb2ac7cef4442dff43cddb719d97236b2

  
Dropping
MD5 319112103cffdcf74d0090cbc89e70c5
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 783c6835be34af1803983890ec14e1edb2ac7cef4442dff43cddb719d97236b2

Comments