MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aa207e0f5f2bad97d8a0209d6d5b4583ecb32311aba7c6e996125f0a07c11c02. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aa207e0f5f2bad97d8a0209d6d5b4583ecb32311aba7c6e996125f0a07c11c02
SHA3-384 hash: 5e75267efa14473f99f78a7064a3baec461b723131451e469be9f9e6135e09b2d389f4da53aac1ec01a0b53bfee69317
SHA1 hash: e9a8896fe4ef5b40f2e1d88b023d527b3044f270
MD5 hash: 03a68b507c40e441b222f8d8a1c1cdaa
humanhash: quebec-double-foxtrot-arkansas
File name:Aquatherm Rechnungen 384890 _Xlxs.zip
Download: download sample
Signature FormBook
Create hunting rule
File size:397'319 bytes
First seen:2020-05-13 16:25:41 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:004aUe4Oi6tvqTXw0CBp5sZEnK0yLk7iUXiM:t+e4YvqTArp5sZEKlLVciM
TLSH 5D8423DF3644D0A6B2EED2F109080E12A7FAF4ED74FC618E6D8169A0D334D6771AB491
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: hostdetrazos.es
Sending IP: 188.164.198.15
From: benny.bian@mandarin-tech.com <benny.bian@mandarin-tech.com>
Reply-To: benny.bian@mandarin-tech.comt <jessivafi@gmail.com>
Subject: AW: Aquatherm Rechnungen 384890
Attachment: Aquatherm Rechnungen 384890 _Xlxs.zip (contains "Aquatherm Rechnungen 384890 _Xlxs.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.BorlandDelphi-15
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 16:36:22 UTC
File Type:
Binary (Archive)
Extracted files:
264
AV detection:
27 of 48 (56.25%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=viqh4d27fowzpwfaecow2w2fqpwlgiyrvot4n2mwcjpqub6bdqba._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip aa207e0f5f2bad97d8a0209d6d5b4583ecb32311aba7c6e996125f0a07c11c02

(this sample)

FormBook

Executable exe 49f8b73df45213da0f86e871fbd8d231cdfcc30e7ef8041d38ef062884e47b2e

  
Dropping
MD5 82015111b3cffed68fee74b525f3265b
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 49f8b73df45213da0f86e871fbd8d231cdfcc30e7ef8041d38ef062884e47b2e

Comments