MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6674ae975b8079fd9edf1293d718d54070dff7dce7b36812726e3ce7b6ffbba1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 6674ae975b8079fd9edf1293d718d54070dff7dce7b36812726e3ce7b6ffbba1
SHA3-384 hash: f3832e6e1cd69619dfdfb596c86d23e8b7465bf5d9721f347d7def719c99d1dc6d6518b9ca82e7d6967cfa18544e0cfa
SHA1 hash: e50a189c1249b43c33899f1c9c98a059508666cc
MD5 hash: afbdcb9ec0052ee638733715b0e248ca
humanhash: lactose-nevada-oxygen-mountain
File name: Specification.zip
Signature: FormBook
File size: 263'867 bytes
First seen: 2020-06-15 14:03:57 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:HzjDrpTdOPT7Ealstzey/9m6hsIDbpN9VM4b6WE98OB:TJYblYzPJsUbLF6b9RB
TLSH: D6441251EA711B7C1DB3C84004DE06F67D8A9FDAA012878D19194D08EDC26B7BB87E4E
Reporter: abuse_ch
Tags: FormBook, zip


abuse_ch
Malspam distributing FormBook:

HELO: raw.automatica.mx
Sending IP: 193.143.1.76
From: Purchasing Department <helpens@raw.automatica.mx>
Subject: Purchase Order KL780122 (Urgent) for [REDACTED_DOMAIN]
Attachment: Specification.zip (contains "Shipping Documents and Invoice.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.DanaBot
Status: Malicious
First seen: 2020-06-15 14:05:06 UTC
AV detection: 16 of 48 (33.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 6674ae975b8079fd9edf1293d718d54070dff7dce7b36812726e3ce7b6ffbba1 (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
