MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3a5dc8fb14717b086d08e8929fa10ecf783b25ca20a0ee3dff5c2bac1ee8cc26. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3a5dc8fb14717b086d08e8929fa10ecf783b25ca20a0ee3dff5c2bac1ee8cc26
SHA3-384 hash: eb4351ace4ea22cfc4a1cd1f6496338aabe8a7fa22d68e24117ad696d610a0b19f8ee811838b95b00226787f2f3790e4
SHA1 hash: f074b184d2de90106968390304c493a6695fcdfb
MD5 hash: c78a802bfba9ba8f42acfcf2c02f3f2e
humanhash: fanta-timing-zulu-east
File name:__Ebury Transfer slip.rar
Download: download sample
Signature FormBook
Create hunting rule
File size:232'206 bytes
First seen:2020-06-16 05:08:59 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:ImJ6NKq0VLokav88HPrKNhVBhfdH3my+sTVg2N:nVq0etU8HjKjhl3FdTVnN
TLSH 833423DD38F561A5D1ACD4EA2CA73AE2A39425B59CDCB8B45440FEC11406CB0B327DFA
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: hwsrv-741280.hostwindsdns.com
Sending IP: 104.168.140.111
From: Ebury Operations <james@meidini2.pw>
Subject: Ebury bank slip
Attachment: __Ebury Transfer slip.rar (contains "__Ebury Transfer slip.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Masslogger
Create hunting rule
Status:
Malicious
First seen:
2020-06-16 05:10:14 UTC
AV detection:
18 of 31 (58.06%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hjo4r6yuof5qq3ii5cjj7iioz54dwjokecqo4pp7lqv2yhxizqta._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 3a5dc8fb14717b086d08e8929fa10ecf783b25ca20a0ee3dff5c2bac1ee8cc26

(this sample)

FormBook

Executable exe ae5d3796c3f5cb07398607db131f984843b529115cfa13a6a9590991f29f5db0

  
Dropping
MD5 4dc5a1d1c81968f8b412f7332d5d6165
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ae5d3796c3f5cb07398607db131f984843b529115cfa13a6a9590991f29f5db0

Comments