MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6d08228ca74544dba73ef3933c3ff5174ab4e61e258cca6d5569893bc6e259fc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook

Vendor detections: 3

SHA256 hash: 6d08228ca74544dba73ef3933c3ff5174ab4e61e258cca6d5569893bc6e259fc
SHA3-384 hash: 65a8cfab285a4dfcf92a6bd9b08057893738e6e9cfbe39ab3f9f12d17b24014798d196c9bc8acfec5a47cbdb44a08756
SHA1 hash: 56f3775b682892513de9b989465bc7781899a851
MD5 hash: a2c10dd3edfd781c9094ae032f875ccc
humanhash: queen-blue-arizona-avocado
File name: COVID-19 VACCINE SAMPLES.arj
Signature: FormBook
File size: 25'127 bytes
First seen: 2020-03-31 06:48:58 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 768:+5phItvSSl0dHiXcAjGpEGFfoR9ga519Pfy76HyUk/nt:+fhgSSad/FR2ga19PfyBlnt
TLSH: CEB2D0ED9DF0DE8EF52F4CB2C02A42B99F65B1EC5B7972CC603192AD0588A73001E0D9
Reporter: abuse_ch
Tags: arj COVID-19 FormBook GuLoader


abuse_ch
COVID-19 malspam distributing GuLoader->FormBook:

HELO: momo.com
Sending IP: 89.36.214.239
From: Dr Luis Jorge Perez (WHO) <mcclure@cedarpoint.com>
Subject: Corona-Virus Disease (COVID-19) Pandemic Vaccine Released
Attachment: COVID-19 VACCINE SAMPLES.arj (contains "COVID-19 VACCINE SAMPLES.exe")

GuLoader payload URL (FormBook):
https://drive.google.com/uc?export=download&id=1VF3m3hCA36Tj4qIvieLmWFwgJEHZycBB

Intelligence

File Origin
# of uploads: 1
# of downloads: 81
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Noon
Status: Malicious
First seen: 2020-03-30 18:54:00 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 20 of 31 (64.52%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment