MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e92a120d18ee1a58baaf6e595b0ae357b61603e87c659f739fa4fa2b163e2f4c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e92a120d18ee1a58baaf6e595b0ae357b61603e87c659f739fa4fa2b163e2f4c
SHA3-384 hash: 63f0b707c3df592e3159442268770a6c4919e665f8bd187c9bbcda954bd60386b26bd74f5e37e3e00ba5c8524dcdbeca
SHA1 hash: 5054d2746957cf3942bdcb0b344509bd111538d2
MD5 hash: 4c4c158f12724905222c267e8d1b6e31
humanhash: item-sink-sad-october
File name:MAERSK LINE SHIPPING DOCUMENT_pdf.zip
Download: download sample
Signature FormBook
Create hunting rule
File size:807'301 bytes
First seen:2020-05-13 11:15:02 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:hMj18UsWqU5w85Be7IQHQZg2oJ5Lp2FcnNO0anFlAqEA2zY0F+u5of4zjw5:hWeya85Be0bZgj4F4WFeq92fW2A
TLSH 6D0523EE32DDD783E66A7F2360C39C360122ED26B515988B1D58D29CA68209E13F9F15
Reporter abuse_ch
Tags:FormBook Maersk zip


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: mail0.61.menxtinuon.casa
Sending IP: 161.35.65.177
From: Maersk Line <service@maerskline.com>
Subject: MAERSK LINE SHIPPING DOCUMENT & DELIVERY LOCATION FOR B/L NO. 968125657 ETA
Attachment: MAERSK LINE SHIPPING DOCUMENT_pdf.zip (contains "MAERSK LINE SHIPPING DOCUMENT_pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.25815.ZipHeur.BadExt.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 11:37:25 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
22 of 48 (45.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5evbediy5ynfrovpnzmvwcxdk63bma7iprsz6447ut5cwfr6f5ga._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip e92a120d18ee1a58baaf6e595b0ae357b61603e87c659f739fa4fa2b163e2f4c

(this sample)

FormBook

Executable exe c9f7661a1a814820db663d5a916abd38a6c824429542e8b833c9a4e67974ac80

  
Dropping
MD5 02f3dd181b123143ea71d5378b3fbe80
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c9f7661a1a814820db663d5a916abd38a6c824429542e8b833c9a4e67974ac80

Comments