MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b85dab6f01b2a8b407057d4c98fdfa7186d3b1c5e296209b4798eb2f7fa6d314. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b85dab6f01b2a8b407057d4c98fdfa7186d3b1c5e296209b4798eb2f7fa6d314
SHA3-384 hash: 65ba32c6dc53432db68c64fe8e4b0e79fd96e8e794e8737260844d8f0c078307043d141153a0c1d9c88266d4a6cc6555
SHA1 hash: a2511979ab6d28e72cb652e2c0bf31f5a66cd880
MD5 hash: f7e69eb20eb89c951dbb0acf9c131902
humanhash: missouri-texas-video-angel
File name:payment invoice.img
Download: download sample
Signature FormBook
Create hunting rule
File size:237'568 bytes
First seen:2020-07-07 09:02:41 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 6144:E3nqVAjxLBfQTbHBjNKNaB3acljifP7ABl3:WNxLB4TbHBNHlaJfjAB
TLSH 4234AF32D641C070E2B242B5B67D0B7B883E0D343255A0E5F3E91AE16FA59E5F52A31F
Reporter abuse_ch
Tags:FormBook img


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: mail0.605.wulongdimkim.casa
Sending IP: 165.227.52.208
From: Shabeer M. T <shabeermt@lamco.ae>
Subject: Re: Payment Assistance Due To Covid-19 Pandemic
Attachment: payment invoice.img (contains "payment invoice.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Banker1.29984.UNOFFICIAL
Create hunting rule

Win.Malware.Formbook-7399661-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b85dab6f01b2a8b407057d4c98fdfa7186d3b1c5e296209b4798eb2f7fa6d314/
Threat name:
Win32.Trojan.FormBook
Create hunting rule
Status:
Malicious
First seen:
2020-07-07 09:04:05 UTC
AV detection:
17 of 29 (58.62%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xbo2w3ybwkulibyfpvgjr7p2ogdnhmof4klcbg2htdvs675g2mka._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

img b85dab6f01b2a8b407057d4c98fdfa7186d3b1c5e296209b4798eb2f7fa6d314

(this sample)

FormBook

Executable exe a361c3ef57783d4012857a289d088c19682187bb0b6f15eabb73865d1d54e180

  
Dropping
MD5 3b2135422ad7974f674d9e3afffa04e7
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a361c3ef57783d4012857a289d088c19682187bb0b6f15eabb73865d1d54e180

Comments