MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b876d5696574f4707ffb9770a895e06272fb61bc1de33450c0a9bc431024cecd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b876d5696574f4707ffb9770a895e06272fb61bc1de33450c0a9bc431024cecd
SHA3-384 hash: 1264308a39f5d99ecf3cc42cc34a10ab3a485a91dc23644e62458ae1f58c83825e4051bb51afd40d6aee6e21e9763e06
SHA1 hash: dc0526276876a8ac754943f2cf3103a950e947d5
MD5 hash: ee5bf3a5f81f6c2a1bc695a17255c57e
humanhash: uniform-tennis-solar-october
File name:PURCHASE ORDER KG5-38247.r15
Download: download sample
Signature FormBook
Create hunting rule
File size:271'235 bytes
First seen:2020-05-19 05:34:13 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:XEUJ4K38ODaRWgHlqktsze2rm8/XaldNyhQ0auLuu:XEUhsODaRWgHl9t86dNyizXu
TLSH 6A4423D05E273D57B328EB51F65F9B6D48A23AAA0E45F612FB70780BE0B531D4501E0E
Reporter abuse_ch
Tags:FormBook r15


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: se.servaidot.live
Sending IP: 45.95.171.205
From: Mai Quang <info@servaidot.live>
Subject: ORDER STATUS & KG5-3954
Attachment: PURCHASE ORDER KG5-38247.r15 (contains "PURCHASE ORDER & KG5-38247.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Gdsda
Create hunting rule
Status:
Malicious
First seen:
2020-05-19 23:42:40 UTC
File Type:
Binary (Archive)
Extracted files:
11
AV detection:
26 of 48 (54.17%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xb3nk2lfot2ha773s5ykrfpamjzpwyn4dxrtiugavg6egebez3gq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip b876d5696574f4707ffb9770a895e06272fb61bc1de33450c0a9bc431024cecd

(this sample)

FormBook

Executable exe 2c6acd5aa7ce2eaff49cad6dd4168715e344888dcae66b35d7c6af6729a7952e

  
Dropping
MD5 8aefb5001d2b26a2112fd2e1284bd7c1
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2c6acd5aa7ce2eaff49cad6dd4168715e344888dcae66b35d7c6af6729a7952e

Comments