MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1746f63fe3b4b47c452d7321cec1abc493000042daf190fc09059451e9290dbb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1746f63fe3b4b47c452d7321cec1abc493000042daf190fc09059451e9290dbb
SHA3-384 hash: f5c6b94f3cc07d07e69a70b88460691d9e1dfbbff7c20061a7360ba495ce27ee757253302a785804c6a6304e60f52b58
SHA1 hash: d9d60c87434186161df08e4b0bd1a1d051f32494
MD5 hash: 3fc8d9c79e6a2130c4da392b42b64d4b
humanhash: april-harry-music-salami
File name:RFQ and Purchase Order 060920A..zip
Download: download sample
Signature FormBook
Create hunting rule
File size:300'557 bytes
First seen:2020-07-03 06:06:44 UTC
Last seen:2020-07-03 16:04:32 UTC
File type: zip
MIME type:application/zip
ssdeep 6144:JDX3wprXv9zzwsLG3vk8K3yGqqXjmGqeVdg74UqrOP2wvZ0DHYq0iiX:JMZ/9z7GsMxqXjmeVdgUGvvZypiX
TLSH CC54223EEDE31958D29E09080956C1CD3A348A6F119A4A5D414FE7ACC74ECF3997E632
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: gmail.com
Sending IP: 107.173.40.221
From: Ben Faiella <sales@gmail.com>
Reply-To: ltbthuyposco@gmail.com
Subject: RFQ and Purchase Order 060920A.
Attachment: RFQ and Purchase Order 060920A..zip (contains "RFQ and Purchase Order 060920A..exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Generic-EXE.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1746f63fe3b4b47c452d7321cec1abc493000042daf190fc09059451e9290dbb/
Threat name:
ByteCode-MSIL.Trojan.Avemariarat
Create hunting rule
Status:
Malicious
First seen:
2020-07-03 06:08:09 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=c5dpmp7dws2hyrjnomq45qnlysjqaacc3lyzb7ajawkfd2jjbw5q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 1746f63fe3b4b47c452d7321cec1abc493000042daf190fc09059451e9290dbb

(this sample)

FormBook

Executable exe b84f164b86250eaee07153f4665af8826f0e934ba80e505ae37ead324f53b971

  
Dropping
MD5 7f97fe13229e97475a0454942646a562
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b84f164b86250eaee07153f4665af8826f0e934ba80e505ae37ead324f53b971

Comments