MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c9e7e7a61dd59b8d030c1cee08c29c937509daf8754ff1e9b2cd89c058934ca5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 4



SHA256 hash: c9e7e7a61dd59b8d030c1cee08c29c937509daf8754ff1e9b2cd89c058934ca5
SHA3-384 hash: 2d4d73fbb7c07b9586565eaec2ae3c2cb4399e0848a093e7605bb2d1c3d5f5f84d4c92bdba87b5784870ebdb0202383a
SHA1 hash: 04ae69e98619f605f2cf0e5f6241561a53ac0247
MD5 hash: 5d4f0a1ea5147746492c15e32f887aa6
humanhash: pluto-east-london-berlin
File name: CDE 18449.zip
Signature: FormBook
File size: 458'059 bytes
First seen: 2020-07-21 06:49:38 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep 6144:PlP82Q0brOKd25hj3xSYx7rWGPr15ulhNZ9ajoeaq4sV8MHLxnIhSUDHsSPCV0Aw:PNqKKhj3xRPT7ulhNgxajSlnIVJY0Aeb
TLSH BBA42336770394F6050CE82720942F731C6D0BBC680AA9D6DD07DC6A71ADA8E95DEC9F
Reporter: abuse_ch
Tags: FormBook zip


abuse_ch
Malspam distributing FormBook:

HELO: zeus.hoswedaje.com
Sending IP: 5.57.226.248
From: comercioexterior@eurotransis.com
Subject: Demande de prix très urgent
Attachment: CDE 18449.zip (contains "R330892136.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-21 06:51:09 UTC
AV detection: 27 of 48 (56.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip c9e7e7a61dd59b8d030c1cee08c29c937509daf8754ff1e9b2cd89c058934ca5

(this sample)

  
Dropping: FormBook
Delivery method: Distributed via e-mail attachment
