MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df52c1042c3bf7ca6f13e76b04ab8f82f8aa70ac9fd131545794fa5631e08a3a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: df52c1042c3bf7ca6f13e76b04ab8f82f8aa70ac9fd131545794fa5631e08a3a
SHA3-384 hash: da9610de04e1c41d64691b406e3f3caa70943575acc7c10e6d7e3503bc793a01d9e293de3341b8a4e9e083cff63426dd
SHA1 hash: 4eabee72fa19ab502adcf091420831b8a85dde00
MD5 hash: 3b6f119ea9ce245786f44201e62cc7e9
humanhash: illinois-gee-orange-autumn
File name:Payment Notification.pdf.zip
Download: download sample
Signature Formbook
Create hunting rule
File size:238'929 bytes
First seen:2020-05-22 14:10:58 UTC
Last seen:2020-05-22 20:34:07 UTC
File type: zip
MIME type:application/zip
ssdeep 6144:pqV7sW0GzsTDamEv92ReiwbHmvMW6W7//iS:QeEsTubvNiymkWx/P
TLSH 443423051F3428E5CDB65CAE860D06A7A8D8FE4C4FD43E23979235B421636C7A1E5EB8
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: srv.polarbearcreative.com
Sending IP: 77.235.58.77
From: <noreply@fnb.co.za>
Subject: Payment Notification
Attachment: Payment Notification.pdf.zip (contains "Payment Notification.pdf.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Sanesecurity.Malware.25518.ZipHeur.Ext.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Genkryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-22 14:36:03 UTC
AV detection:
24 of 48 (50.00%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip df52c1042c3bf7ca6f13e76b04ab8f82f8aa70ac9fd131545794fa5631e08a3a

(this sample)

Formbook

Executable exe 0dcc0b25c073c73ae67b48662ec4c81932ff862afdaac7cba1efa63290d6902f

  
Dropping
MD5 8cedb9db8e9bcb5d32def1faf7d83bb5
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0dcc0b25c073c73ae67b48662ec4c81932ff862afdaac7cba1efa63290d6902f

Comments