MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2025c64899121b48f227814bccffc112746401fe93ae2aafc135ad986f53c139. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	2025c64899121b48f227814bccffc112746401fe93ae2aafc135ad986f53c139
SHA3-384 hash:	3b8c96a122135eec7ca3b2142a2262a4de598432ad1649987fb77bb511756dd41f2b61714e5db5351c64233f733ee678
SHA1 hash:	842de32b4d7a8d949ff63295f0de3d0dcc335973
MD5 hash:	d0da96b68614716f0667cc23f57dde6e
humanhash:	georgia-zulu-grey-angel
File name:	DRAFT DOCUMENTS.pdf.zip
Download:	download sample
Signature	FormBook Create hunting rule
File size:	292'263 bytes
First seen:	2020-03-22 15:13:36 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	6144:kUJaSrrh5bRZSZJLW5muuvlll1IDIjK66+uXFkIoEih7NkBzpjjjQDGzSh:DrvGDLAmuSllDIIG6eKAa+DjQDGWh
TLSH	16542367E60CA1860DBBECCFCF67CB326185BE177C898A1F058E55EB199B58E0354E10
Reporter	cocaman
Tags:	FormBook zip

cocaman

subject: 'FWD: 回复: 回复: CH-202001001 T.U. P1astic DRAFT DOCUMENTS'; sender: 'Mr Albert/PORTEVER SHA/Overseas Exp Dept <shanmn-10@portever[.]com>'

Intelligence

File Origin

# of uploads :

1

# of downloads :

74

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Generik.MDHMIFT.26115.UNOFFICIAL

Sanesecurity.Malware.25518.ZipHeur.Ext.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Occamy

Status:

Malicious

First seen:

2020-03-23 02:18:31 UTC

File Type:

Binary (Archive)

Extracted files:

7

AV detection:

25 of 45 (55.56%)

Threat level:

2/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=eas4msezcinur4rhqff4z76bcj2giap6soxcvl6bgwwzq32tye4q._file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 2025c64899121b48f227814bccffc112746401fe93ae2aafc135ad986f53c139

(this sample)

exe 03200425032e7246493cae751e77c4dc2f2bfdb14cddfea1ab34f051eaaf5290

Delivery method

Distributed via e-mail attachment

Dropping

SHA256 03200425032e7246493cae751e77c4dc2f2bfdb14cddfea1ab34f051eaaf5290

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample