MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3f84431741cecf17b3a9529c376d23e474c31e8de26bab5da4d688be6c7332cb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3f84431741cecf17b3a9529c376d23e474c31e8de26bab5da4d688be6c7332cb
SHA3-384 hash: 1f15d97fc4a24ed023b05d824d9dd099caeda0a3a64c0ce009a03a506c588a6263ccea2d3a26ed4b562ce03ed63faa5b
SHA1 hash: 8627146e5f2eb26e3eddbff6c4a120a1b23c577a
MD5 hash: 1f9942930c851bfb2d6de6af17bdbd41
humanhash: red-floor-hawaii-ohio
File name:contract supply list.zip
Download: download sample
Signature FormBook
Create hunting rule
File size:288'452 bytes
First seen:2020-07-12 08:15:26 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:X/eiOMzxRLhKZWttdNEOhNYMaGWtkmG1Ea7pv4Zj1Na:XmtM4ZgtFNYLvumG1xVCJQ
TLSH 835423625AF6189416FC3F27A3715368D8070FD8A805EE804DEDA47BD098F855EE0FDA
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: gmail.com
Sending IP: 37.49.224.106
From: inc ResourcesLTD<bhavyacontainers@gmail.com>
Reply-To: bhavyacoresourcesltd@gmail.com
Subject: RE:NEW Order for Jull
Attachment: contract supply list.zip (contains "contract supply list.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
98
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.25603.ZipHeur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3f84431741cecf17b3a9529c376d23e474c31e8de26bab5da4d688be6c7332cb/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-07-12 08:17:05 UTC
AV detection:
6 of 48 (12.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=h6cegf2bz3hrpm5jkkodo3jd4r2mghun4jv2wxne22el43dtglfq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 3f84431741cecf17b3a9529c376d23e474c31e8de26bab5da4d688be6c7332cb

(this sample)

FormBook

Executable exe 24f64f0f4a0f7b860db4e664e4f4c76a08f20d3490966de4637958bbecc618ac

  
Dropping
MD5 1c8f2480d5bfe4d9bbe8bc432ccc5c97
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 24f64f0f4a0f7b860db4e664e4f4c76a08f20d3490966de4637958bbecc618ac

Comments