MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b6ca5260fe0d12121268026560ad699cf4f0dadf38b880359a12f283df97fed9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook
Vendor detections: 3

SHA256 hash: b6ca5260fe0d12121268026560ad699cf4f0dadf38b880359a12f283df97fed9
SHA3-384 hash: f0247241144181a458355fa266c9e191fb34b73a4d02ed9b165654d2394ba43b79ffc2c3369a92cc7e554b7e58897862
SHA1 hash: 146fb815d165b3b0b160a223e8cec45baf8ea30c
MD5 hash: 15a68d0277505a388b3ba0e46d37f500
humanhash: rugby-charlie-don-music
File name: Purchase Order List.zip
Signature: FormBook
File size: 290'608 bytes
First seen: 2020-07-01 05:33:07 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:ny5b81OoEi78BPrZ6VKVFRf2FL8yWvCQe+81OkPBAaXp5SMwy6:y541OE8BAQRf2FVW6K8UkPaaXpED
TLSH: F15423917CBFE61B61BE8DB004439F4231BD66806E2E7B0F7174056F4762E978A323A5
Reporter: abuse_ch
Tags: FormBook, zip


abuse_ch
Malspam distributing FormBook:

HELO: server.linux61.papaki.gr
Sending IP: 138.201.206.39
From: zhou <doris@haruixiang.com>
Subject: Re: Re: Re: Order.
Attachment: Purchase Order List.zip (contains "Purchase Order List.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 73
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Backdoor.NanoCore
Status: Malicious
First seen: 2020-07-01 05:35:05 UTC
AV detection: 18 of 29 (62.07%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip b6ca5260fe0d12121268026560ad699cf4f0dadf38b880359a12f283df97fed9

(this sample)

  
Dropping: FormBook
Delivery method: Distributed via e-mail attachment
