MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b6243d69348a8cbe563adfc29eed962b407aa4661ae36dcf72bd5dc7ebffeb98. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b6243d69348a8cbe563adfc29eed962b407aa4661ae36dcf72bd5dc7ebffeb98
SHA3-384 hash: 93940af1362a67f6049c52d48eecac93870969873bc2553a17d7bb0b60c91875f934305b49874d91bd176e1c86771292
SHA1 hash: 9ec44f8c34f9459cb741d6d88878b79d1eba276f
MD5 hash: 8451ddae0654c3d0fe4ffdade60990f4
humanhash: florida-salami-oklahoma-delta
File name:Request for Quotation RFQ 26966.zip
Download: download sample
Signature FormBook
Create hunting rule
File size:226'734 bytes
First seen:2020-05-25 13:53:24 UTC
Last seen:2020-05-26 06:15:02 UTC
File type: zip
MIME type:application/zip
ssdeep 3072:tWu3sNXRXaYLyn20mr4scIWZU6ryMpe2YUWGxCNkiIi8wdtEZzlSvtb6Sl:tWu8NXRtL+2r4aAbWGxCmi8wdtEZZYb3
TLSH C124237D5FAD9797B412329F0BD2E49B1FD6C0D1E4D41C27319ACA331C4AAA6BC84B84
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: gmail.com
Sending IP: 37.49.230.162
From: Steve.beerbower<Steve.beer571@gmail.com>
Reply-To: wanlin.goh.prolink2u@gmail.com
Subject: Request for Quotation (RFQ 26966)
Attachment: Request for Quotation RFQ 26966.zip (contains "Request for Quotation (RFQ 26966).exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 14:36:51 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
20 of 31 (64.52%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip b6243d69348a8cbe563adfc29eed962b407aa4661ae36dcf72bd5dc7ebffeb98

(this sample)

FormBook

Executable exe 2ad7a9c76778a5cbbf458819852689c82153acca51da8fe58eed37c126d5b755

  
Dropping
MD5 ae059cf20b81d149e611ad687eb20176
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2ad7a9c76778a5cbbf458819852689c82153acca51da8fe58eed37c126d5b755

Comments