MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c7008ee8706eae555c67c397a6145135de3e8f1a862e8af1e98920fb368f4efe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c7008ee8706eae555c67c397a6145135de3e8f1a862e8af1e98920fb368f4efe
SHA3-384 hash: 6014ec680958c7130697bc603cde85a928d8c924debf0ecce5dc29f048051241d55b98ccbb6c9b0491884acf132c661f
SHA1 hash: e4eefa21d9985a5e3a9793badb09a0ce497c3577
MD5 hash: c70e6a8288b0b31b3d5704a8b7f3a782
humanhash: fillet-river-oranges-potato
File name:Shipping Documents.uue
Download: download sample
Signature FormBook
Create hunting rule
File size:390'291 bytes
First seen:2020-06-12 14:24:28 UTC
Last seen:Never
File type: uue
MIME type:application/x-rar
ssdeep 6144:NHFp6aPdfw1XtBYdJek7BeAW4vl/WchXvNwuCLx/gL+cTFFrZ3KoM0+//BqzzfMW:NH76aP2BYdFzJ9WchHCN/gL+Z/EXMG3X
TLSH E784231437EAA0769420723AF09DCDDB26AFEAF174A9553D1066CF33DCB911E049AF20
Reporter abuse_ch
Tags:DHL FormBook Outlook uue


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: NAM12-MW2-obe.outbound.protection.outlook.com
Sending IP: 40.92.23.68
From: Postmaster Team <vmangalsingh@hotmail.com>
Subject: ❶✉DHL Intraship Entrant Notice From No: P.O-00126020
Attachment: Shipping Documents.uue (contains "New Order.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Skeeyah
Create hunting rule
Status:
Malicious
First seen:
2020-06-12 14:26:06 UTC
AV detection:
20 of 31 (64.52%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=y4ai52dqn2xfkxdhyol2mfcrgxpd5dy2qyxiv4pjreqpwnupj37a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

uue c7008ee8706eae555c67c397a6145135de3e8f1a862e8af1e98920fb368f4efe

(this sample)

FormBook

Executable exe 787e032a02ff81b42fa794cc31a55e149cee73a366fa3980bb8da4d05c511834

  
Dropping
MD5 e8e4b92c8e86c537870da9f455e5f04e
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 787e032a02ff81b42fa794cc31a55e149cee73a366fa3980bb8da4d05c511834

Comments