MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 27a4ea416a93e080d73043d8073d70a3eefbb5eeb498b5458f9e770cfadb03b2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: 27a4ea416a93e080d73043d8073d70a3eefbb5eeb498b5458f9e770cfadb03b2
SHA3-384 hash: de68c2a165d897c2969054ce9460b16f6637f6585e3e8f3f1aa9b4abe3b840195cf065c7bf0a91702b63cfc5ce20468b
SHA1 hash: b5a1e0327b322383340c99e37816f1417e397c6e
MD5 hash: fa4f711f63b045b52e8106319644f55d
humanhash: pluto-muppet-montana-wyoming
File name: 1300003150.zip
Signature: Formbook
File size: 347'869 bytes
First seen: 2020-08-05 06:31:33 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:Z9vItis9GckYO+FdxfbfBKJ6xsbbGyOWZovVJH/BZqdEelVCDBSk1yrsQErduY2l:Z9vItXwWdxDfBcH9OMovVt6eoVg7srdf
TLSH: 2374236F96C3EE3ECCB11C3162D5009793E8C8DDEFBF458ACC849159A10348DA4BE65A
Reporter: abuse_ch
Tags: DHL FormBook zip


abuse_ch
Malspam distributing unidentified malware:

HELO: dhl.com
Sending IP: 37.49.224.193
From: Noorul Hudha Jiavudeen (DHL) <norulhudha@dhl.com>
Subject: DHL OVERDUE NOTICE - 1300003150 [REDACTED_DOMAIN]
Attachment: 1300003150.zip (contains "1300003150.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Fareit
Status: Malicious
First seen: 2020-08-05 06:33:05 UTC
AV detection: 20 of 28 (71.43%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 27a4ea416a93e080d73043d8073d70a3eefbb5eeb498b5458f9e770cfadb03b2 (this sample)

Delivery method: Distributed via e-mail attachment
