MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ac8087b133a1022287bb8aad082e1fd0b669509289a5ef5f2e17714de7acfb5b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Intelligence 1 File information 5 Yara 2 Comments

SHA256 hash: ac8087b133a1022287bb8aad082e1fd0b669509289a5ef5f2e17714de7acfb5b
SHA3-384 hash: 30725101ae57d66151a2d95ec578be3072da1f8487a91ac2f6a2379f489f69feaa25611e140d200e19351e23b1c047e7
SHA1 hash: 58060b2ab7c2441aeb29a034c48fc190c9789281
MD5 hash: c66f665b6e12b556e6c90b52af988edc
humanhash: oscar-west-maine-video
File name:vbc.exe
Download: download sample
Signature Formbook
File size:454'656 bytes
First seen:2020-06-30 06:47:51 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep 6144:RoKS5+HFnqBs8fgm/W/uHzg1TtQ/VMIRXLlHqS5mBXPW13HQ3v:qeFnqBscg/IMtQ9MIJLl3yXPW13HQ3
TLSH A8A43A277D41F12CC0165A3380EE1D56A37569E12333C70FAB4F67A85E4529B7E2A22F
Reporter @abuse_ch
Tags:exe FormBook

Malspam distributing Formbook:

Sending IP:
From: "Maersk Line " <>
Subject: Scan Bill of Lading
Attachment: Scan Bill of Lading.xlsm

FormBook payload uRL:


Mail intelligence No data
# of uploads 1
# of downloads 31
Origin country CH CH
CAPE Sandbox Detection:Formbook
CERT.PL MWDB Detection:formbook
ReversingLabs :Status:Malicious
Threat name:ByteCode-MSIL.Trojan.Occamy
First seen:2020-06-30 06:49:03 UTC
AV detection:21 of 31 (67.74%)
Threat level:   2/5
Spamhaus Hash Blocklist :Malicious file
Hatching Triage Score:   8/10
Malware Family:n/a
Tags:evasion trojan persistence spyware
VirusTotal:Virustotal results 36.62%

Yara Signatures

Rule name:Formbook
Author:JPCERT/CC Incident Response Group
Description:detect Formbook in memory
Reference:internal research
Rule name:win_formbook_auto
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.



Executable exe ac8087b133a1022287bb8aad082e1fd0b669509289a5ef5f2e17714de7acfb5b

(this sample)