MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b5f43f551b8e8e2d57d9eef9ef9ad4617603fc19e5f7f0436d9669dc2e3af047. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook

Vendor detections: 3

SHA256 hash: b5f43f551b8e8e2d57d9eef9ef9ad4617603fc19e5f7f0436d9669dc2e3af047
SHA3-384 hash: eed2dd7261e76d079553f5f8f2c4d0c23b475ce34cfe79f07a8cf1ad914133f8ea10d37f10d576dbfa44997108037e9f
SHA1 hash: 5d86e54ce1de7bebf3d13ca127363a22468f188f
MD5 hash: 2ccb1db1b49271a6dc48f5cf6d9781d9
humanhash: butter-happy-delaware-victor
File name: Payment Adv EAL 15.06.2020 usd 55,000.00_pdf.arj
Signature: FormBook
File size: 721'903 bytes
First seen: 2020-06-15 05:34:02 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 12288:XeZenThetcvSyO52qYWD5i2wRjfwl2nrGVL/nBYTNsGXAupDr+qqeLqI2I0y:XeZ244W2qYWlN6A2IL58NsGQMWqqeLqm
TLSH: 5FE42361B608B48CF5916E43CA4717918BFCDB4F30576ABFA296C4E3D8CE4C1785EA48
Reporter: abuse_ch
Tags: arj FormBook


abuse_ch
Malspam distributing FormBook:

HELO: gains.creationmediaindia.com
Sending IP: 184.171.174.122
From: logo PT. KARANA LINE <info@bluebirdshipping.in>
Reply-To: jefirman@kerana.co.id
Subject: Payment Advance Vessels amount Usd 55,000.00
Attachment: Payment Adv EAL 15.06.2020 usd 55,000.00_pdf.arj (contains "Payment Adv EAL 15.06.2020 usd 55,000.00_pdf.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Predator
Status: Malicious
First seen: 2020-06-15 05:35:10 UTC
AV detection: 22 of 31 (70.97%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
  FormBook
    arj b5f43f551b8e8e2d57d9eef9ef9ad4617603fc19e5f7f0436d9669dc2e3af047 (this sample)
      Dropping: FormBook

Delivery method: Distributed via e-mail attachment

Comments