MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bc1357d4c62dd82f18e2fba5a9f496e8502389815211ed722ea598af195f727f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: bc1357d4c62dd82f18e2fba5a9f496e8502389815211ed722ea598af195f727f
SHA3-384 hash: 735010c07c7208f1db23ba3173b842c7ed5111bd0000d1ba0e7977da85c0275425b76bd7782f2183a133276961910756
SHA1 hash: f3d6155f0ba8bc61a138fdfa299ff286d063254a
MD5 hash: f6de22f7798772d3f46f19bce5a2ec67
humanhash: december-may-oregon-winter
File name: PAYMENT TRANSFER RECEIPT_PDF.zip
Signature: Formbook
File size: 213'207 bytes
First seen: 2020-04-30 09:53:39 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:+Z5tqQmmAYcH1K55pAQJokV0R6SKUM4BUI:OtMlYgK5TJlDSKU7D
TLSH: 4F2412EE4E9E35880548ABE67038032A6E02087819EF4E7FDAD711C8D6DE1D75681DF7
Reporter: abuse_ch
Tags: FormBook HSBC zip


abuse_ch
Malspam distributing Formbook:

HELO: slot0.creative-sour-co.ml
Sending IP: 64.190.90.116
From: info@pangaea-hk.com
Subject: FW: © HSBC Bank Payment successful 29042020
Attachment: PAYMENT TRANSFER RECEIPT_PDF.zip (contains "PAYMENT TRANSFER RECEIPT_PDF.bat")

Intelligence


File Origin
# of uploads: 1
# of downloads: 84
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Quasar
Status: Malicious
First seen: 2020-04-30 10:32:42 UTC
File Type: Binary (Archive)
Extracted files: 3
AV detection: 21 of 48 (43.75%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip bc1357d4c62dd82f18e2fba5a9f496e8502389815211ed722ea598af195f727f (this sample)

Dropping: Formbook
Delivery method: Distributed via e-mail attachment
