MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e86308c80b2388857c1232fa3d33464bdd384f3bd03e7bf7dfc0651e651ab0b5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e86308c80b2388857c1232fa3d33464bdd384f3bd03e7bf7dfc0651e651ab0b5
SHA3-384 hash: d146788658b9c670fba66c453f227a925e6165339b0fce2f855e853b86d36f24dc1d16e3ec0ef468d108add699f55842
SHA1 hash: 4039bd1f712f609d7c5328dc0f3bfec0b30f19d8
MD5 hash: 15c87ee35c2ab9da7644fef9ebf5250d
humanhash: jupiter-orange-whiskey-california
File name:SPD-P-2995 PKG BOILERS_pdf.zip
Download: download sample
Signature FormBook
Create hunting rule
File size:405'332 bytes
First seen:2020-05-14 06:00:34 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:xEZ5G6ggqRqvdRJTQFmf+79oN6EXYPd0kSi:aTggqI1RJ3+bWRji
TLSH EA84233B1F578E89E06472F4E09481D90EF8B35E7464AC1A5EB46390295E0DF8660FFB
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: hostdetrazos.es
Sending IP: 188.164.198.15
From: Monserrat Naranjo, Christian <Christian.MonserratNaranjo@woodplc.com>
Reply-To: Monserrat Naranjo, Christian <jessivafi@gmail.com>
Subject: SPD-P-2995 PKG BOILERS // RAW MATERIAL RFQ
Attachment: SPD-P-2995 PKG BOILERS_pdf.zip (contains "SPD-P-2995 PKG BOILERS_pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Adware.Generic4.AANW.UNOFFICIAL
Create hunting rule

PUA.Win.Packer.BorlandDelphi-15
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Sanesecurity.Malware.25815.ZipHeur.BadExt.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-14 10:16:57 UTC
File Type:
Binary (Archive)
Extracted files:
319
AV detection:
27 of 48 (56.25%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5brqrsaleoeik7asgl5d2m2gjpotqtz32a7hx567ybsr4zi2wc2q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip e86308c80b2388857c1232fa3d33464bdd384f3bd03e7bf7dfc0651e651ab0b5

(this sample)

FormBook

Executable exe be4207b3c6def716919d01b666d9a78243730825f095b30edca4dfdae1f9096f

  
Dropping
MD5 f602dda1b7a23b77158e6971260046cf
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 be4207b3c6def716919d01b666d9a78243730825f095b30edca4dfdae1f9096f

Comments