MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8d4647057817cd011e6bf41a0bedabb2bf64663863a63aa2235502339fababa3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 4



SHA256 hash: 8d4647057817cd011e6bf41a0bedabb2bf64663863a63aa2235502339fababa3
SHA3-384 hash: 59f61be8fb5dec38c54374306faa964c2ba4d1cd486dbdba9c65e369c01c3135b54cdba32d7fd2b17809acae6d282f2d
SHA1 hash: 9de8189680ae75e80fc08c6971696bbc0cf71e45
MD5 hash: d8825ddf0afbc53f479c66461c046db0
humanhash: colorado-indigo-table-lithium
File name: COT001124.zip
Signature: FormBook
File size: 432'996 bytes
First seen: 2020-07-31 07:50:48 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep 6144:rrV3COkBl51MoOxdeoY4L26YCfWsJvUWp1ROvDYdN3hfBpzLAYHziJq+3BLVPKa:rrV3SMoOWCtvHh+6N3LRtiH3BLJ5
TLSH 0D9423AC4BA74B76909ACA227905EC8FE6A761C48C7B8C563853034462653BD7138FB7
Reporter: abuse_ch
Tags: FormBook zip


abuse_ch
Malspam distributing FormBook:

HELO: smtp69.ord1d.emailsrvr.com
Sending IP: 184.106.54.69
From: Gloria E <dmendoza@corteacero.com.mx>
Subject: Cotización baldosa pvc
Attachment: COT001124.zip (contains "COT001124.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-31 07:52:14 UTC
AV detection: 20 of 48 (41.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 8d4647057817cd011e6bf41a0bedabb2bf64663863a63aa2235502339fababa3

(this sample)

  
Dropping: FormBook
Delivery method: Distributed via e-mail attachment
