MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3de1aa5cd2d05f38c192ebecf2a0fdcd04174fdc217879e5c52b331d16702e52. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3de1aa5cd2d05f38c192ebecf2a0fdcd04174fdc217879e5c52b331d16702e52
SHA3-384 hash: f7233229b166ba66b32eca396583fe9b1d18afa789dc60516aef88354710ac769f6f5be847cb555b478b1097b9399ce9
SHA1 hash: 3c01b5425f27dbfbdc2557cd002d1c303d5b209e
MD5 hash: c73755b8ad20a371ac935f5820371563
humanhash: freddie-early-finch-ten
File name:COVID-19Vaccine.gz
Download: download sample
Signature Formbook
Create hunting rule
File size:43'151 bytes
First seen:2020-03-27 09:49:07 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 768:IM7qWa/WlzcSys+Zxtidh7pRDSWfz0crxwmpDLOVU9R2QyZqiBq5DJioZQfNI1Ug:hq7/Dtih7eWfXrxjOTRIiBsDrOdAoe
TLSH 7C13F27D438666B6249B74CAC1189F0CFE40839F03E7E240A1A3695B356D1E86F1AF93
Reporter abuse_ch
Tags:COVID-19 exe FormBook GuLoader gz


Avatar
abuse_ch
COVID-19 themed malspam, pretending to come from "Dr. Stella" at WHO:

GZ archive->GuLoader->FormBook

HELO: ps.hostingenlaweb.com
Sending IP: 108.170.35.67
From: Dr. Stella WHO Asst <noreply@WHO.com>
Subject: Latest vaccine release for Corona-virus(COVID-19)
Attachment: COVID-19Vaccine.gz (contains "COVID-19 Vaccine.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Downloader.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-03-27 05:51:24 UTC
File Type:
Binary (Archive)
Extracted files:
7
AV detection:
8 of 45 (17.78%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hxq2uxgs2bptrqms5pwpfih5zucbot64ef4htzoffmzr2ftqfzja._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

gz 3de1aa5cd2d05f38c192ebecf2a0fdcd04174fdc217879e5c52b331d16702e52

(this sample)

FormBook

Executable exe 0e0472b3b50c46eff5b4529b1bb8dd54f60db45f4bc772d3bef3666a72e15898

Formbook

Executable exe 2ea5a4fb25528051254f255dc64913ca7d4faa1ecba2f40a55b536f871624fb9

  
URLhaus
https://urlhaus.abuse.ch/url/330807/
  
Dropping
MD5 cd5faffe1a0378ef892d798532c399a6
  
Dropping
SHA256 2ea5a4fb25528051254f255dc64913ca7d4faa1ecba2f40a55b536f871624fb9
  
Dropping
GuLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2ea5a4fb25528051254f255dc64913ca7d4faa1ecba2f40a55b536f871624fb9

Comments