MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b913477c3cca0dac38f2204a3de4e9320758da8d0f250661f90faff93dbfc2af. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: b913477c3cca0dac38f2204a3de4e9320758da8d0f250661f90faff93dbfc2af
SHA3-384 hash: 11d8da829a04ef44ab73f57c817c1101e6951bfc8ba81a8f122c0464f283a4910a287e0afebc48c3580ff8617ea711ac
SHA1 hash: ebf27dde92fda9a3a8cb9b98c41b2a4e31fe0dd4
MD5 hash: 37276a7ba49b80ddb4de294fce0036ea
humanhash: single-ohio-finch-freddie
File name: Pictures.img
Signature: FormBook
File size: 1'572'864 bytes
First seen: 2020-06-28 07:36:52 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 24576:ICcVhdV/AQxyzse6pqGWDO9xaAKWauiVre493ej:eDhqW/P4xQ
TLSH: BA75A062F3414937D5331B784C2B63986926BE112E2C58467FF89E4C6F3A7417C2A2E7
Reporter: abuse_ch
Tags: FormBook, img


abuse_ch
Malspam distributing FormBook:

HELO: slot0.navigosgroups.com
Sending IP: 45.95.169.34
From: Nicole Gapes<info@navigosgroups.com>
Reply-To: gapes.nicole@yahoo.com
Subject: Property Purchase & Leasing
Attachment: Pictures.img (contains "Pictures.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 76
Origin country: n/a

Vendor Threat Intelligence

Threat name: Win32.Trojan.Delf
Status: Malicious
First seen: 2020-06-28 01:10:52 UTC
AV detection: 16 of 31 (51.61%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

img b913477c3cca0dac38f2204a3de4e9320758da8d0f250661f90faff93dbfc2af (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
