MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3f8a7e08b8f592b5ce79252361c603e3ddb193dec8583134d10eb28859cb03bf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 3f8a7e08b8f592b5ce79252361c603e3ddb193dec8583134d10eb28859cb03bf
SHA3-384 hash: 18422bf1a79d7f643b017dd57ffb78741b0439407b8d5ab30f8da576fa41e638e1acacbde7908f90bbd221af2c45d71f
SHA1 hash: 1c644fe8b1ca65e5e579267c56d73ba20c1f5665
MD5 hash: 17b871cb444e1495587aff065d3383bc
humanhash: oven-winner-purple-snake
File name: new order.zip
Signature: FormBook
File size: 311'375 bytes
First seen: 2020-06-19 07:14:59 UTC
Last seen: 2020-06-19 08:57:35 UTC
File type: zip
MIME type: application/zip
ssdeep: 6144:xxBbd/0niN4Yy6y1e5RNwhKzgvt2xGSLbswJ45V3w52D8vvoqOfkhtiQG:xF8zkRNKALLJ4zg52KoqOfk1G
TLSH: EC6423E9B7D01F4336E898BB1E79EB8FE03795D92B4040C8D0B8731E69E96B3C681155
Reporter: abuse_ch
Tags: FormBook, zip


abuse_ch
Malspam distributing FormBook:

HELO: server.linux94.papaki.gr
Sending IP: 195.201.245.217
From: sales@gdynamix.com
Subject: Re: Re: Re: Re: Re: new order
Attachment: new order.zip (contains "new order.exe")

Intelligence


File Origin
# of uploads: 2
# of downloads: 71
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2020-06-19 07:16:05 UTC
AV detection: 6 of 48 (12.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 3f8a7e08b8f592b5ce79252361c603e3ddb193dec8583134d10eb28859cb03bf (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
