MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a703fd2372483e4bbb75bc96dd4f0f95c489eede136451016106eb6c62636658. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: a703fd2372483e4bbb75bc96dd4f0f95c489eede136451016106eb6c62636658
SHA3-384 hash: 6a2b0b385abd02c80f1626dd0ff15c8a327a3bce92a7bd7dfb658826ae47a904fca0aacd74ba26c9160f7076a9626164
SHA1 hash: bfd56771284560488f9e28f65840880d7f130166
MD5 hash: a1244ca67b926fae807a19950991128f
humanhash: double-vermont-harry-three
File name: Bank letter.img
Signature: Formbook
File size: 1'245'184 bytes
First seen: 2020-05-04 17:16:05 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep 6144:eqgeSLaMNtxmmOE0shTPuFFwjSBafCGEK+YfXYKpmJDGUYHtBeXqkGW:e93OElu3wuB83N8buBE
TLSH 5845CFE429EA521DE27F9EF4A6E07051E77AE3737207E30A6999024B4F13B51CF4112B
Reporter abuse_ch
Tags: FormBook, img


abuse_ch
Malspam distributing Formbook:

HELO: my.gt.com
Sending IP: 23.146.240.200
From: Charmane Koh <charmane.koh@my.gt.com>
Subject: REMITTANCE BANK LETTER
Attachment: Bank letter.img (contains "Bank letter pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 84
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Grp
Status: Malicious
First seen: 2020-05-03 22:53:42 UTC
File Type: Binary (Archive)
Extracted files: 5
AV detection: 17 of 31 (54.84%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

img a703fd2372483e4bbb75bc96dd4f0f95c489eede136451016106eb6c62636658

(this sample)

  
Dropping: Formbook
Delivery method: Distributed via e-mail attachment
