MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8c4af1a851be45266f14fb001e1aec146010375b25f4695befb1bda3ee682b02. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 8c4af1a851be45266f14fb001e1aec146010375b25f4695befb1bda3ee682b02
SHA3-384 hash: c7de22e1a1dad343acdd3204e78b7dce8addc1df1a6bfa86c803afcadfd623d5f6b66b10c26baaa3dc22cb455f0c8acb
SHA1 hash: 4ef024e1e4eb79498d2c85d05ad73a5ac2e12f6d
MD5 hash: 984855cb8520c8266026d46e14b382c5
humanhash: beer-london-zulu-violet
File name: Bank Details.r21.zip
Signature: FormBook
File size: 257'757 bytes
First seen: 2020-06-17 10:11:17 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:Ep7qE2qNN1GlD+vzveC7EimbMvypR/So9k:Edb/GlwcTbqy3Som
TLSH: A04423F608C3EC33A0106DC9EF6D78A45A7A14C73F261D1539626895ABF813E67FAC14
Reporter: abuse_ch
Tags: FormBook, zip


abuse_ch
Malspam distributing FormBook:

HELO: dujimwa.com
Sending IP: 64.225.44.144
From: "Mr. Paulina Cruz" <info@dujimwa.com>
Subject: Bank Details
Attachment: Bank Details.r21.zip (contains "Bank Details.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Bluteal
Status: Malicious
First seen: 2020-06-17 10:37:13 UTC
AV detection: 20 of 29 (68.97%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 8c4af1a851be45266f14fb001e1aec146010375b25f4695befb1bda3ee682b02 (this sample)

  
Dropping: FormBook
Delivery method: Distributed via e-mail attachment
