MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 736b7cd2f4c5db0fbb9fcd8a5f7f941e83c4133ed14571d59eac5d754019aaba. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 736b7cd2f4c5db0fbb9fcd8a5f7f941e83c4133ed14571d59eac5d754019aaba
SHA3-384 hash: a22da85fa718c4dda554102bb571c0fca23ddfe1ddb18f48a7eb8502df7787f73b2d2d1d1c3f8e3028aebb33941bcd51
SHA1 hash: fe188477f5f0ef144e25d0fbd3deb3a3461cbdd2
MD5 hash: 204ad0e3f63de178838bca61f24db8a9
humanhash: georgia-sixteen-harry-georgia
File name: invoice 1.zip
Signature: FormBook
File size: 282'475 bytes
First seen: 2020-06-08 14:59:33 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:PTDTuvzRI4gJk4L+W+xyy8wfQNvYL4O/qq1LG:PH8tXvw+LxD8wfwvYpD1LG
TLSH: 495423896D7EFFB83A8F6D507CCB582C771740B8258E34E7D1C6E2F148250A4A6491AF
Reporter: abuse_ch
Tags: FormBook zip


abuse_ch
Malspam distributing FormBook:

HELO: moutaichina.com
Sending IP: 172.93.161.29
From: Mail@moutaichina.com
Reply-To: Ibn.01@outlook.com
Subject: 新命令
Attachment: invoice 1.zip (contains "invoice.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.PUA.InstallCore
Status: Malicious
First seen: 2020-06-08 07:27:44 UTC
AV detection: 25 of 48 (52.08%)
Threat level: 1/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 736b7cd2f4c5db0fbb9fcd8a5f7f941e83c4133ed14571d59eac5d754019aaba (this sample)

  
Dropping: FormBook
Delivery method: Distributed via e-mail attachment
