MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 54c3ecd780489e1ee11fab520f6bc6d22a5f0820a33eb8dea8a073c55a57a875. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 54c3ecd780489e1ee11fab520f6bc6d22a5f0820a33eb8dea8a073c55a57a875
SHA3-384 hash: 4e11d52ffa593fbd32eaf93896688531cb492afc7a502dfc852cb489a373f23b3831cdf8de9654b21fee1013fb0f0e32
SHA1 hash: bc6a29889a8395b4d2712565ddbd622fde2af342
MD5 hash: fa067c78ec6f9a86b79827ccf0347712
humanhash: two-lemon-oranges-jupiter
File name:Shipping Document.zip
Download: download sample
Signature Formbook
Create hunting rule
File size:366'067 bytes
First seen:2020-08-15 05:54:00 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:DOA3YbuypZo5tXR63LXw2lIGtxr96VYpciMz8OD1Z8CtY440b1Okn73pXcCZWeHV:aJA5z63LXRIGXrUWp37ODB0I1Okn73p3
TLSH 60742393D13747887C4BD9BA442BA79AE0B40F9C4675F39E85F8A3028746408FDAF5D2
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: mail.h-email.net
Sending IP: 156.96.59.30
From: ''Support''<supportvietnam@dhl.com>
Subject: Delivery Notification
Attachment: Shipping Document.zip (contains "Shipping Document.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.20910.ZipHeur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/54c3ecd780489e1ee11fab520f6bc6d22a5f0820a33eb8dea8a073c55a57a875/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-08-15 05:55:11 UTC
AV detection:
17 of 25 (68.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ktb6zv4ajcpb5yi7vnja626g2ivf6cbaum7lrxviubz4kwsxvb2q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/54c3ecd780489e1ee11fab520f6bc6d22a5f0820a33eb8dea8a073c55a57a875

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 54c3ecd780489e1ee11fab520f6bc6d22a5f0820a33eb8dea8a073c55a57a875

(this sample)

Formbook

Executable exe d1dfcf2c14f3a10655f061a7833367abdcdeba8ad5ab3843edc4bed4ec19e9f9

  
Dropping
MD5 f19cdd42bfeab433f08588bcedfd51e1
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d1dfcf2c14f3a10655f061a7833367abdcdeba8ad5ab3843edc4bed4ec19e9f9

Comments