MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9a97fbcb7d0e5c25f306c9c10769bf6961622b0f6faa131f06d4408e2e11cb3e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9a97fbcb7d0e5c25f306c9c10769bf6961622b0f6faa131f06d4408e2e11cb3e
SHA3-384 hash: 3a19878a64bbca414432e9757400eb97c807970c868ac97c8c071715d668823e5915b2677b49d9995c3dabdc1c95c87e
SHA1 hash: bf7dd56f0d4116ca166476cc026e8651f61e4707
MD5 hash: 010e157e27e67b5eba6cc024ed6d06fe
humanhash: earth-finch-video-summer
File name:Purchase Order 5523 for acknowledgment.zip
Download: download sample
Signature FormBook
Create hunting rule
File size:214'135 bytes
First seen:2020-05-20 06:54:42 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:iev5GvaSn9ba09TScGAd0Xh5B6aDcbsFX:isA9z9+c90R3zDcbsFX
TLSH 06241212DE52A94C20DBD0F1B65ADD81A1EF69841CBDC3E1914AA0E4DCE1AFF6317E48
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: outriger.biz
Sending IP: 156.96.59.92
From: Kim Sung Hae<sales@outriger.biz>
Reply-To: aoer.wzaoer@gmail.com
Subject: Re: Purchase Order 5532 for acknowledgment
Attachment: Purchase Order 5523 for acknowledgment.zip (contains "Purchase Order 5523 for acknowledgment.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.22205.ZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-05-20 07:36:44 UTC
File Type:
Binary (Archive)
Extracted files:
3
AV detection:
26 of 48 (54.17%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=tkl7xs35bzocl4ygzhaqo2n7nfqwekypn6vbghyg2rai4lqrzm7a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 9a97fbcb7d0e5c25f306c9c10769bf6961622b0f6faa131f06d4408e2e11cb3e

(this sample)

FormBook

Executable exe a119b8bd8e1427830ac76a7649318c0b2e9deb263b6c5e4ea0290c558d159b13

  
Dropping
MD5 cf216cbb2e6d22f4c374fa2864953ceb
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a119b8bd8e1427830ac76a7649318c0b2e9deb263b6c5e4ea0290c558d159b13

Comments