MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 793e3f0e9dd12d5d5461f19d87385c86f3527687f65e7398f20c4335aa6acbd1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 793e3f0e9dd12d5d5461f19d87385c86f3527687f65e7398f20c4335aa6acbd1
SHA3-384 hash: fa4fa1f3653c47b83941534f4515ddadcd2868fcc92cf30120a0406982668aa518be2712d35cf9424852a2783c1ed5f8
SHA1 hash: 7a03980a1fc69560511748858e208f7ae0a65b59
MD5 hash: 1fa088f57b7ae713683482043adaf224
humanhash: florida-eighteen-beer-gee
File name:MAERSK LINE SHIPPING DOCUMENT.pdf.zip
Download: download sample
Signature FormBook
Create hunting rule
File size:807'444 bytes
First seen:2020-05-13 06:26:10 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:CYydpP1sVpD6ipwIeX6F6dhWlsTYUolVJC:fyP1sz06FKPT6lVg
TLSH 390523BB10193C46507AC03BE8CF9575DD3E383A9D4EC6BBB73E61942ADA844B0C885D
Reporter abuse_ch
Tags:FormBook Maersk zip


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: mail0.61.menxtinuon.casa
Sending IP: 161.35.65.177
From: Maersk Line <service@maerskline.com>
Subject: MAERSK LINE SHIPPING DOCUMENT & DELIVERY LOCATION FOR B/L NO. 968125657 ETA
Attachment: MAERSK LINE SHIPPING DOCUMENT.pdf.zip (contains "MAERSK LINE SHIPPING DOCUMENT_pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.25815.ZipHeur.BadExt.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 06:37:03 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
23 of 48 (47.92%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pe7d6du52ewv2vdb6goyooc4q3zve5uh6zphhghsbrbtlktkzpiq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 793e3f0e9dd12d5d5461f19d87385c86f3527687f65e7398f20c4335aa6acbd1

(this sample)

FormBook

Executable exe 720f6f2a125359d8b85eea767c95d0059cb46eba2fc05a53bcfbf73b5bfc8531

  
Dropping
MD5 163aabf4097c684eaa894e3bebca1c10
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 720f6f2a125359d8b85eea767c95d0059cb46eba2fc05a53bcfbf73b5bfc8531

Comments