MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0f0181bb9ba6c54c2dd68e4878033a6ad53a1a0c9cb38ba4a24f4f86e55bba6e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0f0181bb9ba6c54c2dd68e4878033a6ad53a1a0c9cb38ba4a24f4f86e55bba6e
SHA3-384 hash: 52deb11bc3e4533d5ca7f9e450578dcc82e5ae99e21c85f8252bb3d262b1a276b4efe31807e7c367583924fdcd4c00a2
SHA1 hash: e910bef1c83948f181a4dc4f079ba67106804508
MD5 hash: bec612a690076cd9aa341b981e65850f
humanhash: magnesium-black-wolfram-foxtrot
File name:P.O. 27000446.zip
Download: download sample
Signature FormBook
Create hunting rule
File size:483'303 bytes
First seen:2020-05-04 08:56:16 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:0tkZG2FRutjVI7pMs6U8e09uX0gJLwYqsAhWIoarq:1RSVQKsG0v0rq
TLSH D8A423905C3C2CD022DAE4354701102C67AE80BFB87F3CE58F76E1D4A91997E6E5D96B
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: regular1.263xmail.com
Sending IP: 211.150.70.196
From: admin <admin@yingshitech.com>
Subject: ***RE:urgent Order*********
Attachment: P.O. 27000446.zip (contains "P.O. # 27000446.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.PE.Heur.InvalidSig.32539.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-05-04 01:22:12 UTC
File Type:
Binary (Archive)
Extracted files:
22
AV detection:
12 of 48 (25.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=b4aydo43u3cuylowrzehqaz2nlktugqmtszyxjfcj5hynzk3xjxa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 0f0181bb9ba6c54c2dd68e4878033a6ad53a1a0c9cb38ba4a24f4f86e55bba6e

(this sample)

FormBook

Executable exe b7a6133cc3253f40c306f93cd28219a26d1354e7e360be9014c46ee3f7f67053

  
Dropping
MD5 0b06be295761b41d1831caf85411e48f
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b7a6133cc3253f40c306f93cd28219a26d1354e7e360be9014c46ee3f7f67053

Comments