MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 237b20da59e939233637255b56164dbb10150ae8fc6ebb0c2bfb20545027b16b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook

Vendor detections: 3

SHA256 hash: 237b20da59e939233637255b56164dbb10150ae8fc6ebb0c2bfb20545027b16b
SHA3-384 hash: f1d106cc76f21e26e3339043cae17a1c8bbcf9ba22391c1d0c0c4676b8f4212bf0c0442a1edb96cab8a847f84a10ae6d
SHA1 hash: 51cc47d00e771ba37c68a1487438191f9bb75eeb
MD5 hash: af57aa13224526e9d1425dcd56ea1a8d
humanhash: arizona-sixteen-seven-arkansas
File name: swift copy_pdf.arj
Signature: FormBook
File size: 728'912 bytes
First seen: 2020-06-10 07:43:29 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 12288:+ca4ThetcvYasJzTwynmGJZ0nRvn5Bq+V5mOe7z8IQGW7xZ:+044ipwymRRPT+z8FlZ
TLSH: E4F423788D081CF61F8DCDCFB8399DC452672D6E6009DFD81C49CADA48C4CF86A596EA
Reporter: abuse_ch
Tags: arj FormBook


abuse_ch
Malspam distributing FormBook:

HELO: gains.creationmediaindia.com
Sending IP: 184.171.174.122
From: SEOJIN SHIPPING CO., LTD. <info@bluebirdshipping.in>
Reply-To: sjship@siship.co.kr
Subject: RE: Remittance Advice
Attachment: swift copy_pdf.arj (contains "swift copy_pdf.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.AitInject
Status: Malicious
First seen: 2020-06-10 07:45:07 UTC
AV detection: 17 of 48 (35.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  FormBook
    arj 237b20da59e939233637255b56164dbb10150ae8fc6ebb0c2bfb20545027b16b (this sample)
      Dropping: FormBook

Delivery method: Distributed via e-mail attachment