MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 50b67b772cb68781a8633c7b668da95dcb3112d72b1b8fc2ea62fdc876f58d5c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 50b67b772cb68781a8633c7b668da95dcb3112d72b1b8fc2ea62fdc876f58d5c
SHA3-384 hash: b0fa74c291b29d41b062df6839c218884aa71cb8022fe70a88090c44da0fc9501016187021b633f7091c7888c1c04da5
SHA1 hash: 08917f388739c43f483aef7ee0fc9a208ac57d6d
MD5 hash: 29d58a14350b8cc10c718e988b09ae5b
humanhash: lamp-moon-fanta-violet
File name: order pdf.zip
Signature: FormBook
File size: 414'194 bytes
First seen: 2020-07-06 11:37:04 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:cLyJb3ewCdQlFKwqChNYAj+Ej0jThSC7nMPJ3gskA4P8zhFzQ/0Aoz+opJFpyaD/:4yJKwCdRwqCDYMj8MP9gsuQFc/9Ct7
TLSH: DF9423FFA00501BFA5FB185AFDBF55FD64C1E30A5069A86827C200E79A1FD8718A2C59
Reporter: abuse_ch
Tags: FormBook, zip


abuse_ch
Malspam distributing FormBook:

HELO: spock.gnoft.com
Sending IP: 176.9.117.66
From: batam <batam@pmcontrol.com>
Subject: Ri: Ri: Ri: Ri:Ri
Attachment: order pdf.zip (contains "order pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 73
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Formbook
Status: Malicious
First seen: 2020-07-06 11:39:04 UTC
AV detection: 33 of 48 (68.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 50b67b772cb68781a8633c7b668da95dcb3112d72b1b8fc2ea62fdc876f58d5c (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment

Comments