MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fc6e791750023757b6cea998a8d3b472a441ba936c243eb9423a97fd9809a864. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: fc6e791750023757b6cea998a8d3b472a441ba936c243eb9423a97fd9809a864
SHA3-384 hash: e6298fe40d64826d357d0a497bf552ab58ee53c47936398be718146acc2e92044a567493082f7ede6399c984e259055a
SHA1 hash: c6d0477de66b8746c5bd03804a6d0c696e53635f
MD5 hash: d71ba7931c7336d53546fc11a7d0560a
humanhash: solar-white-alaska-freddie
File name: POrder65764_pdf.zip
Signature: FormBook
File size: 189'805 bytes
First seen: 2020-06-02 06:50:38 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 3072:JIbaDg98JObxaK6cS1zi1RS3dQ/9Z9wOJM/s9nNCCsBzwsdqXzibZCHoCKtW82Lj:1Dg98JO7Vsd49Dw6MI+Bzrcz4CHKwfLj
TLSH: AF0422181EC849E9FF9243B1EB5665CB28A34A90BEA716F3CD97C0F0D600EF5592506F
Reporter: abuse_ch
Tags: FormBook zip


abuse_ch
Malspam distributing FormBook:

HELO: box.alaskerparkers.co.uk
Sending IP: 192.236.194.95
From: sales@alaskerparkers.co.uk
Subject: urgent order #1380
Attachment: POrder65764_pdf.zip (contains "POrder65764_pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Formbook
Status: Malicious
First seen: 2020-06-02 08:22:50 UTC
File Type: Binary (Archive)
Extracted files: 8
AV detection: 21 of 48 (43.75%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip fc6e791750023757b6cea998a8d3b472a441ba936c243eb9423a97fd9809a864 (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment

Comments