MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9b8707b7cc3934d1a511531be8fd47ad3e0a9358f2610469b41b5013bc5c0300. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 9b8707b7cc3934d1a511531be8fd47ad3e0a9358f2610469b41b5013bc5c0300
SHA3-384 hash: 5376248b6cf6766f61718d1a3bd67f1f086a695f7c53a6866ad73bd22e19dd4382122a83cef49c81df44daf8d3b075fb
SHA1 hash: fc78ebf15735cb435396a60d19cc3f8628a0446d
MD5 hash: b8d1e198a1f2ed33a6776136071d5dba
humanhash: romeo-alaska-alabama-avocado
File name: P.O_N-2024-12000192.zip
Signature: FormBook
File size: 432'607 bytes
First seen: 2020-06-24 07:39:36 UTC
Last seen: 2020-06-24 16:41:32 UTC
File type: zip
MIME type: application/zip
ssdeep: 12288:Hy4DBHuBT7hmcwW7AOv1iTW+6vv60tyCtP:HrdYNHBPD+2RtHP
TLSH: FD94239D6600165F22BE73CB73A7D3989927FCA5588CE7473AA86447CED04B71B070C6
Reporter: abuse_ch
Tags: FormBook zip


abuse_ch
Malspam distributing FormBook:

HELO: serve0.isnicanada.com
Sending IP: 104.168.144.48
From: Royal Dutch PLC<admin@royaldutch.com>
Subject: Purchasing Order for June 2020
Attachment: P.O_N-2024-12000192.zip (contains "topshot.exe")

Intelligence


File Origin
# of uploads: 2
# of downloads: 74
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-24 07:41:12 UTC
AV detection: 36 of 48 (75.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 9b8707b7cc3934d1a511531be8fd47ad3e0a9358f2610469b41b5013bc5c0300 (this sample)

  
Dropping: FormBook
Delivery method: Distributed via e-mail attachment
