MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 288347bea0021ae77a23dbdfeab205aa07720b88ae574421a1dc17ee1ba315e6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 288347bea0021ae77a23dbdfeab205aa07720b88ae574421a1dc17ee1ba315e6
SHA3-384 hash: a4816d8213b96d4e70809788b9d8515e8a1617304d440d415f961443bca2fd75405a1e42d64bcc6038e46d218c8b8344
SHA1 hash: edb37a69e27dfb75173be34e740693bfeeb574e5
MD5 hash: eb98f9149f506593256d19103179a9ea
humanhash: august-oxygen-jig-south
File name:RFQ- BDMC.Gz
Download: download sample
Signature FormBook
Create hunting rule
File size:274'916 bytes
First seen:2020-06-16 12:46:23 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 6144:tC7a9UrTFS9cvJYzq/Q2xXEkQOBBFh0s5LOj/w6ASuibR4hX+DWnT/uUq:wW9UrccR5/Q2xUkQOjFusq/9AXskXPyR
TLSH DE44230493AB53E8BD28A703D7E12F25677E4A139761E9E1A383420F47FD56342D1F8A
Reporter abuse_ch
Tags:FormBook gz


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: 162-241-215-82.unifiedlayer.com
Sending IP: 162.241.215.82
From: Benard Estrada <fzmt@fzmt.ru>
Subject: SOLICITUD URGENTE DE COTIZACIÓN
Attachment: RFQ- BDMC.Gz (contains "rEapCbVoctbGlWE.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Swotter
Create hunting rule
Status:
Malicious
First seen:
2020-06-16 12:48:04 UTC
AV detection:
22 of 48 (45.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fcbuppvaainoo6rd3pp6vmqfvidxec4ivzluiinb3ql64g5dcxta._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

gz 288347bea0021ae77a23dbdfeab205aa07720b88ae574421a1dc17ee1ba315e6

(this sample)

FormBook

Executable exe feb3b84e0ea9e1c3522e9a3258f8578ffe461a43ce41920d6b41fa19520ac7a2

  
Dropping
MD5 4527f0055a21654ff0892d7a4a88d1ec
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 feb3b84e0ea9e1c3522e9a3258f8578ffe461a43ce41920d6b41fa19520ac7a2

Comments