MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ee6bba348ab6af06c39f1d5b2c121b9c1290af1b27bc40e0f29a243d61ecc747. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ee6bba348ab6af06c39f1d5b2c121b9c1290af1b27bc40e0f29a243d61ecc747
SHA3-384 hash: 13ad011191ea9677edb2b94a1443663133b1598bea44f9b55755a7acbe1156571d3f2ae41603beface211522054f0aa0
SHA1 hash: 7d2dafc535b24c4507136de71fdf380ce1d040cf
MD5 hash: 0f463cd1b60397c79fd8f080734e398f
humanhash: north-oklahoma-august-london
File name:Purchase advice and details.img
Download: download sample
Signature FormBook
Create hunting rule
File size:1'245'184 bytes
First seen:2020-07-09 08:00:38 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:bk7Yi4Xj/tQBWi/y67k86oxVOwBIw8sSJ3/DhMBIv7PnOqDyGM:S14/oDnsUgk5Y7byGM
TLSH A245AE26F2E04433F16216398D5BD77C9836BE113A695A473BE8DD4C9F3828138672B7
Reporter abuse_ch
Tags:FormBook img


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: box.restrandy.xyz
Sending IP: 67.205.168.118
From: Mel Ciampa <ewe@eastwestenterprise.com>
Reply-To: Mel Ciampa <melciampa@propertylawcompany.com>
Subject: Re: Updated Contract and purchase memo
Attachment: Purchase advice and details.img (contains "Purchase advice and details.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

SecuriteInfo.com.Win32.Herz.B.6016.5488.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ee6bba348ab6af06c39f1d5b2c121b9c1290af1b27bc40e0f29a243d61ecc747/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-07-09 08:02:13 UTC
AV detection:
15 of 28 (53.57%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5zv3unekw2xqnq47dvnsyeq3tqjjbly3e66ebyhstisd2ypmy5dq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

img ee6bba348ab6af06c39f1d5b2c121b9c1290af1b27bc40e0f29a243d61ecc747

(this sample)

FormBook

Executable exe aea480ebd5777e840f0b988267554fe1d35f70238bed009231b24475fdc0b0d9

  
Dropping
MD5 8c49a740ef92731629ce744ca1fece7b
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 aea480ebd5777e840f0b988267554fe1d35f70238bed009231b24475fdc0b0d9

Comments