MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1c158850d19ef6be35aba8be56a6bc1897da1eea2e2f2216b0c454f26851176f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 1c158850d19ef6be35aba8be56a6bc1897da1eea2e2f2216b0c454f26851176f
SHA3-384 hash: 28f218796dafd7ce41dc4909190f60bad9acec999ea952c6372d21c2799dd1c6dd12323d6a883bab21930091edb53d26
SHA1 hash: 845671e3b91bb76598887812b53265bb4ca72842
MD5 hash: bde2e44573bcb158ec9d38e3d4d675a8
humanhash: summer-tennis-mirror-moon
File name: SOA JUNE 2020_PDF.zip
Signature: FormBook
File size: 415'138 bytes
First seen: 2020-07-16 06:35:56 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:9+W57ThQlZcoJ0oeGPpdli74iIP3Zi86N:9+CnhQrt2o3liIP3ZP6
TLSH: 3C9423DAD2DD0371FE86E96ADF05D7254C1348570A787D639EAEAA24FC1950C0E036BC
Reporter: abuse_ch
Tags: FormBook zip


abuse_ch
Malspam distributing FormBook:

HELO: 185-10-73-68.ihglobaldns.com
Sending IP: 185.10.73.68
From: AccDept/EQ-SHA <accounting@eg-forwarding.com>
Subject: SOA JUN 2020
Attachment: SOA JUNE 2020_PDF.zip (contains "SOA JUNE 2020_PDF.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 78
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-07-16 06:37:04 UTC
AV detection: 25 of 48 (52.08%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 1c158850d19ef6be35aba8be56a6bc1897da1eea2e2f2216b0c454f26851176f (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
