MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ac48d8b2ef799eb1841b28bb0c954b932547599f8798cf88334d4db9847ba24e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ac48d8b2ef799eb1841b28bb0c954b932547599f8798cf88334d4db9847ba24e
SHA3-384 hash: 6616b520403eedd8cc74aeca1a96baffe6aeea3ebe59a61f138861f58f837456e8f38a1eb6e17a8c72457921049c1953
SHA1 hash: db8a9e597a3051095d7c5bb8e914b5e5a9b83e28
MD5 hash: 0b90c30b7c44a7a194d19e226245ab5c
humanhash: earth-fourteen-yankee-network
File name:attachments.zip
Download: download sample
Signature FormBook
Create hunting rule
File size:267'740 bytes
First seen:2020-06-12 09:48:25 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:8IVo2+66osRWGE9TEQanrCUB0Lq4gwYEZm1+7lxZqVX7r:8Ii2+6LsR1E9TErCsPwYEbuXf
TLSH 82442347C6B88A77D941FD233B08B7E5524923803DEA26E0EF4831A961C6F7831957E7
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: victim-domain
Sending IP: 193.142.58.27
From: victim-email
Reply-To: wiz2018@bk.ru
Subject: Fw: 2020 Latest Company Memo / Circular
Attachment: attachments.zip (contains "2020 Latest Company Memo Circular.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Generic.gc.931.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.FormBook
Create hunting rule
Status:
Malicious
First seen:
2020-06-12 09:50:11 UTC
AV detection:
23 of 48 (47.92%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vrenrmxppgpldba3fc5qzfklsmsuowm7q6mm7cbtjvg3tbd3ujha._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip ac48d8b2ef799eb1841b28bb0c954b932547599f8798cf88334d4db9847ba24e

(this sample)

FormBook

Executable exe 792ee40918c1cb2ebf202212c5f5bf3f1c945f18e60a93ebca0cd3a9f6bc77cf

  
Dropping
MD5 15d53fedfee46c73257fd1fa29d0cd08
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 792ee40918c1cb2ebf202212c5f5bf3f1c945f18e60a93ebca0cd3a9f6bc77cf

Comments