MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 93fc98148dbcc6f16b8f6ca1d8bd6bc68eafb2b4b68e697135561f5845cf82b8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 93fc98148dbcc6f16b8f6ca1d8bd6bc68eafb2b4b68e697135561f5845cf82b8
SHA3-384 hash: 2cad060f0b6986dbdca2bd48f7e70400229f514817126a0a07bddb3672a364f53b5d8348d0fd56693e5f53a78f1dbe61
SHA1 hash: 73669194e71efa0b222ffd27625783ea25382712
MD5 hash: 68378be4104c3c2755528a8b220bed75
humanhash: uncle-triple-april-mountain
File name:68378be4104c3c2755528a8b220bed75.exe
Download: download sample
Signature FormBook
Create hunting rule
File size:671'744 bytes
First seen:2020-06-06 07:03:57 UTC
Last seen:2020-06-06 07:45:17 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 0bf880529745f6ca8a7d1d526795da2f (2 x FormBook, 1 x RemcosRAT)
ssdeep 12288:fy+b1mt72GT7PV7yCoHpMLAKB701mTWtwOjOOikhLWcjcD:fl3GTJOkz70ITWfMcjc
Threatray 5'239 similar samples on MalwareBazaar
TLSH 66E4AF23F6E1853BC1672E7C8D1B567CA8297E502D1899473BE89D8C9F3A381352D2C7
Reporter abuse_ch
Tags:exe FormBook

Intelligence

File Origin
# of uploads :
2
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-06 07:05:05 UTC
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=sp6jqfenxtdpc24pnsq5rplly2hk7mvuw2hgs4jvkypvqropqk4a._file
Verdict:
malicious
Similar samples:
01563eeff9cd4cb84253c2c9bc40762d118780ab89c6c7b82ce9c9cf0a56a818
FormBook
25f6c5158e721c17e99b7948f083978dc74f1d10e9a500000a7ff476e75eeac6
FormBook
2ee68069c79304ab2bc383e02c7d9f07ecdc9f91e9680afe381c72715225a89e
FormBook
3c758c3133fb2a7c7c51b2ec84028759bc99e1f3ca3bc22c1046d90f79801f76
FormBook
86d0178097eebb5010e24650ce79f80f19567ad2872f0f0b7325761a01cf67f5
FormBook
8afd54f2ed0af6d9593b0985cec1604748ca753900859fe4ee225d21b574e55e
FormBook
ab654da16e2c42b2547b884c79f0829214b34e0d1db7ab0ad23271a66f3298c3
FormBook
be29f9be4b998a7893c2c182c972406067eaf913364484a1fa824133d71ef54f
FormBook
da63e8bb36574c655d7d306574afbc4a67396b12cf8553b1149e0ac8560dc313
FormBook
f4cbb077c89f62bb6542489c882b324e8e2880dc3970e2540e61d1d25fff157a
FormBook
+ 5'229 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

Executable exe 93fc98148dbcc6f16b8f6ca1d8bd6bc68eafb2b4b68e697135561f5845cf82b8

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments