MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4894673038c422547aac401e1cfb76f8f9848aa903b3e7992e386686fea0acd8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook

Vendor detections: 3

SHA256 hash: 4894673038c422547aac401e1cfb76f8f9848aa903b3e7992e386686fea0acd8
SHA3-384 hash: 9534b4fc46a932357e3c684c5b80ae2cf786ae3f69860565af56166ee7040c528938a378c98a9657db3ac0845c45e1c0
SHA1 hash: 8d9a129771423b76ba53a7fd53d8f6fb9f72f9b6
MD5 hash: f5e6e691897ea6965b7889f6729eb8b3
humanhash: alabama-triple-mockingbird-tennis
File name: Purchase order-077.pdf.gz
Signature: FormBook
File size: 435'444 bytes
First seen: 2020-07-08 05:47:42 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 12288:GFv0uSmqSxNr2PJl1BSviwUr8ZL1abK1sY/0D9MB:GSzVWNrAl1BmHUraL4bPQ0D9MB
TLSH: 3894238864DAB388D857D573707433FBAA59FAC14B73A1B5120113AD7AC43A728B77E0
Reporter: abuse_ch
Tags: FormBook gz


abuse_ch
Malspam distributing FormBook:

HELO: ngay7.localdomain
Sending IP: 45.127.62.195
From: Gustav Ernstmeier GmbH <dayton@benhouse.com>
Subject: Order Confirmation no. MW951S2, Customer order no. 077
Attachment: Purchase order-077.pdf.gz (contains "Purchase order-077.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 75
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-08 05:49:05 UTC
AV detection: 36 of 47 (76.60%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
FormBook
gz 4894673038c422547aac401e1cfb76f8f9848aa903b3e7992e386686fea0acd8 (this sample)
Dropping: FormBook
Delivery method: Distributed via e-mail attachment

Comments