MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7a8989e1e1ec9dd2b77972c583d06ea727179d6f4471a04d9a6c0ce7de7635ce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7a8989e1e1ec9dd2b77972c583d06ea727179d6f4471a04d9a6c0ce7de7635ce
SHA3-384 hash: 8eaf7a732a655ec77d2646c6650e25845249fe8fba1bb5089b73415e2d8aa59ed9c5fd0d408fcb8d89952c5cca58bc53
SHA1 hash: f7f03720913dd7eee4eff06e0166607853962a13
MD5 hash: 58f84198c1d6164d8ddd1b3fb0fe7d75
humanhash: tango-twenty-bravo-foxtrot
File name:TNT AWB TRACKING DETAILS.PDF.z
Download: download sample
Signature FormBook
Create hunting rule
File size:445'870 bytes
First seen:2020-06-01 20:01:24 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 12288:u8pAno8Nan3oL05ONWu5VjRMEqg6+vq5mgGGbhpes:/p4Fw4L030VjuN2vubhUs
TLSH 2394233E66701209ACF2EB98021FF301EA536099DA9A749D407427DBF6D783F65CD728
Reporter abuse_ch
Tags:FormBook TNT z


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: server.mastgrq.com
Sending IP: 188.225.33.4
From: TNT DELIVERY OFFICE <farahnaz@pakpaper.com>
Subject: TNT Express //Arrival Notice // AWB #9078013580 1/06/2020
Attachment: TNT AWB TRACKING DETAILS.PDF.z (contains "TNT AWB TRACKING DETAILS.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Rogue.0hr.20200602-0822.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Frs
Create hunting rule
Status:
Malicious
First seen:
2020-06-01 14:02:24 UTC
AV detection:
15 of 48 (31.25%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pkeytypb5so5fn3zolcyhudou4trphlpiry2atm2nqgopxtwgxha._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

z 7a8989e1e1ec9dd2b77972c583d06ea727179d6f4471a04d9a6c0ce7de7635ce

(this sample)

FormBook

Executable exe 7ab0536cfb060833dc451bb4173ef0463bcc6603aa56571e9cb8064a6e61883c

  
Dropping
MD5 52f89b60e5621c824a5a0d008501e324
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7ab0536cfb060833dc451bb4173ef0463bcc6603aa56571e9cb8064a6e61883c

Comments