MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8b32a471a19e78217ba94e7663567c3b1b1d86090df2febfb00bc2bd76b1e66a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 8b32a471a19e78217ba94e7663567c3b1b1d86090df2febfb00bc2bd76b1e66a
SHA3-384 hash: e9c3a2c844cf4fa062e8b0af44c2711e53f99db627bc0fa2a454113b210d01544f075ad2922081b84aacf3a0a95decfc
SHA1 hash: 5989545dc4ba8c40d450948ad68cbad820a4b2bd
MD5 hash: 8db140849e3c8d9b212671d45702096c
humanhash: artist-neptune-earth-mobile
File name: DHL AWB 60073535404.zip
Signature: FormBook
File size: 477'096 bytes
First seen: 2020-07-07 09:51:23 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:4lpqZ0N9Ivrk3yiOs39vOui2qleMNueNPmbWz7BH/B8xz:bi9IvI3yiP9EeMJN+8H581
TLSH: 2DA423AF43C109F6275AFA1133DA660D20756CB03B41ACCF075A0E2EC576DBA55688EE
Reporter: abuse_ch
Tags: DHL FormBook zip


abuse_ch
Malspam distributing FormBook:

HELO: serve0.teevraexports.pw
Sending IP: 104.168.214.4
From: DHL EXPRESS ® <totaltrack@dhl.com>
Subject: DHL AWB 60073535404 / Lectra S.A. / SEZ Customer Invoice waybill
Attachment: DHL AWB 60073535404.zip (contains "stud.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 73
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-07 09:53:05 UTC
AV detection: 22 of 29 (75.86%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 8b32a471a19e78217ba94e7663567c3b1b1d86090df2febfb00bc2bd76b1e66a (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
