MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8f8690d427a33b78ff4f6b894ec82a2eae8ab92f6af1d7af9998b635d7fc2e15. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8f8690d427a33b78ff4f6b894ec82a2eae8ab92f6af1d7af9998b635d7fc2e15
SHA3-384 hash: 7e5da1abc3274679d5200c774ea70354a0a2efff2591a4935825e2b44e9bc7ebf44d0a8ff4f0e4992e6cfac5fa28061f
SHA1 hash: 0824c24092f561dd01400617206b78e05c4323ec
MD5 hash: 037430e1c587651fd2b58e81afb10351
humanhash: mike-spaghetti-fruit-montana
File name:P.ORDER.210520.Z
Download: download sample
Signature FormBook
Create hunting rule
File size:15'822 bytes
First seen:2020-05-21 07:35:51 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 192:MaDK1R+z798yd6Ev0Ji5T3u+ulUrNsdhDJDYGu58hDOXl36WTTovS3UtQ5FS0tPF:fD8YPcJyd+hNbOXECiS3UWM0wSB2F29
TLSH F662D08FBCE4468D8A65FB25B53F332EFF15DC544CA446F9E028AE835934BA24B0064C
Reporter abuse_ch
Tags:FormBook z


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: vps.brightway919.com
Sending IP: 103.233.0.2
From: Brightway Trading Services <inquiry@bujan.com.ar>
Reply-To: sales@brightway919.com
Subject: REMITTANCE REVIEW FOR redacted@threatwave.com
Attachment: P.ORDER.210520.Z (contains "P.ORDER.210520.doc")

FormBook payload URL:
https://brightway919.com/order/21.05.20.exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.VBA.BladabindiDldr.1.Gen.11123.7166.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Document-Word.Downloader.Obfuse
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 08:36:25 UTC
AV detection:
15 of 48 (31.25%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=r6djbvbhum5xr72pnoeu5sbkf2xivojpnly5pl4ztc3dlv74fykq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

z 8f8690d427a33b78ff4f6b894ec82a2eae8ab92f6af1d7af9998b635d7fc2e15

(this sample)

FormBook

Word file doc 26ab418898511e23428738e2ffec693856268e683f2db04b9f243420cb40d889

  
URLhaus
https://urlhaus.abuse.ch/url/365979/
  
Dropping
MD5 e15681221e5dc6544983feda0419086a
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 26ab418898511e23428738e2ffec693856268e683f2db04b9f243420cb40d889

Comments