MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d2cae38f605d546b4898e0cc7e0a641c0eca70d57b1cd4a0ee255e421597f580. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: d2cae38f605d546b4898e0cc7e0a641c0eca70d57b1cd4a0ee255e421597f580
SHA3-384 hash: afa425206a90f811738970394a3fd1a9963de55bb642b263187ea00802395f9407b224e2598ce9fbc0f86fc4762a89a8
SHA1 hash: bf531da57d27f91d415babf1ab4aa397f5446b9a
MD5 hash: 8dae60adb7ab2184074c938933801f6e
humanhash: lamp-virginia-king-cardinal
File name: Confirmation voucher.rar
Signature: FormBook
File size: 953'243 bytes
First seen: 2020-07-31 09:24:38 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 24576:1llb7kv0VXCOW2LJw9WiFXpZT7hdwJkKKqa6FBudEh:flnk4BWoJw93Xbw6XqaWI4
TLSH: 191533F4EB35481C53CA603F2494798AD67F5BF216B048A8BD72BAFC3904BD06995A0D
Reporter: @abuse_ch
Tags: FormBook rar


Twitter
@abuse_ch
Malspam distributing FormBook:

HELO: linux997.grserver.gr
Sending IP: 95.216.13.58
From: BOOKING.COM <admin@booking.com>
Reply-To: finance.booking.com@outlook.com
Subject: GROUP CONFIRMATION
Attachment: Confirmation voucher.rar (contains "Confirmation voucher.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 32
Origin country: FR

Mail intelligence
Geo location: Global
Volume: Low

Vendor Threat Intelligence
Threat name: Win32.Spyware.BtcWare
Status: Malicious
First seen: 2020-07-31 03:49:43 UTC
AV detection: 19 of 48 (39.58%)

Threat level: 2/5
Threat name: Trojan
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
FormBook
rar d2cae38f605d546b4898e0cc7e0a641c0eca70d57b1cd4a0ee255e421597f580 (this sample)
Dropping: FormBook
Delivery method: Distributed via e-mail attachment
