MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 53b80c327454a3fb82a2b1b5eac96eeaaf91b3b309fdb4d8a3c8cc53d8ea1696. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 53b80c327454a3fb82a2b1b5eac96eeaaf91b3b309fdb4d8a3c8cc53d8ea1696
SHA3-384 hash: 24f1cc60ad794fbd9059510d099d89c6896d7f2b5438b84285e4579275997167d5960ff0400f891b4c8a691fe426bf69
SHA1 hash: b6dd402d0ff58f6a04fd733d1c9fe0daca3d5130
MD5 hash: 5b4e54d72fa3294227f9591e2cfacd89
humanhash: pasta-march-oranges-fish
File name:Payment_Advice Ref_G51433980115....pdf.zip
Download: download sample
Signature FormBook
Create hunting rule
File size:235'550 bytes
First seen:2020-05-20 11:18:55 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:TSEGY/AR0ICyQMeOp4JSdiTho4L79XcVQ:TSEGY9DUOSdiTOmRXKQ
TLSH 123423665209583C75FFDFE2A6382237B670D9ADE1F452D430888CB5F4B26A4205FB74
Reporter abuse_ch
Tags:FormBook HSBC zip


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: srv.polarbearcreative.com
Sending IP: 77.235.58.77
From: HSBC Advising Service <advising.service.102574916.518660.1538757122@mail.hsbcnet.hsbc.com>
Subject: Payment Advice - Advice Ref:[G51433980115] / Priority payment / Customer Ref:[7147293 PAHRTGS1]
Attachment: Payment_Advice Ref_G51433980115....pdf.zip (contains "Payment_Advice Ref_G51433980115....pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

SecuriteInfo.com.Trojan.Siggen9.47311.25203.3723.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.25518.ZipHeur.Ext.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-05-20 08:57:38 UTC
File Type:
Binary (Archive)
Extracted files:
8
AV detection:
30 of 48 (62.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ko4aymtuksr7xavcwg26vslo5kxzdm5tbh63jwfdzdgfhwhkc2la._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 53b80c327454a3fb82a2b1b5eac96eeaaf91b3b309fdb4d8a3c8cc53d8ea1696

(this sample)

FormBook

Executable exe 76d45ff13654988781428940dab2825a158e15679d0f1faf9615b76a2cbff4a7

  
Dropping
MD5 419fdeab3e062e913643037511fee430
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 76d45ff13654988781428940dab2825a158e15679d0f1faf9615b76a2cbff4a7

Comments