MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 47c2f15af8f1e4daa69e815e7eea1e44b7b54d708efdf32508ddb461c27626c5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 47c2f15af8f1e4daa69e815e7eea1e44b7b54d708efdf32508ddb461c27626c5
SHA3-384 hash: d28f3ceb306ca6f466342720aec743d14f2c99407408968a2c17971f3c347b276a5073b9615af64452c099c2aa227abb
SHA1 hash: 92b1a2aaaa5b61af8d711a57ad825288ca7ff1ca
MD5 hash: 985e4c889da12e9febeb1820d1b6efb4
humanhash: bluebird-cold-nevada-grey
File name: Payment_Advice.zip
Signature: FormBook
File size: 494'052 bytes
First seen: 2020-06-15 12:53:09 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:jkQwyvj6eOvKrs0xCQj7KQIU8aelAjrd9TUkevuc7+xVnr8:j5v+emAhcYFIUzbdevuZ98
TLSH: 57B4239CB29DC8A6B09246BDF4851E907F08E4BD0BCCF512E6AA09B43E8DDC156F1D5C
Reporter: abuse_ch
Tags: FormBook HSBC zip


abuse_ch
Malspam distributing FormBook:

HELO: terminal6.veeblehosting.com
Sending IP: 194.126.175.2
From: HSBC Advising Service <hsbcnet@lpmmalaysia.com>
Subject: Payment Advice - Advice Ref:[GLV611703252] / ACH credits / Customer Ref:[20200601161949.TXT] / Second Party Ref:[308492A]
Attachment: Payment_Advice.zip (contains "Payment_Advice.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-15 12:55:04 UTC
AV detection: 14 of 48 (29.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 47c2f15af8f1e4daa69e815e7eea1e44b7b54d708efdf32508ddb461c27626c5 (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
