MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0343e5c9552a7434e38469ba6a912fb409a65cf6707d14cf19b0b5ea04670fdb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	0343e5c9552a7434e38469ba6a912fb409a65cf6707d14cf19b0b5ea04670fdb
SHA3-384 hash:	4d2359bccd62c06bfa427f9bbda21578b6c1e2055364f095ff573a44708889b5c708e837f3e1dfbbeaa6514cec14fddc
SHA1 hash:	b34c0de09c40ca8d127b73eee31edb5719629179
MD5 hash:	8c6b9180dda0f40064e03b5032b5168a
humanhash:	georgia-steak-stairway-failed
File name:	Purchase Order -263.zip
Download:	download sample
Signature	Formbook Create hunting rule
File size:	703'212 bytes
First seen:	2021-01-12 07:22:36 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	12288:rRiyVHjsOKUi/eySnu4olgxYZodoRBr5SvE1uzqbQW5dp64ieHyhjtBH:rR5VIOq/eLnJhXMbSEVbQc3geSlb
TLSH	E8E423BEDE54034EAC660202D3680F7AA4C28B837545DB63BA96E1E54B7439E7F1D40F
Reporter	abuse_ch
Tags:	zip

abuse_ch

Malspam distributing unidentified malware:

HELO: [23.92.220.212]
Sending IP: 23.92.220.212
From: David R.E. Hale <sales@smart-sourcing.com>
Subject: Purchase Order -263 SMART SOURCING INC
Attachment: Purchase Order -263.zip (contains "Purchase Order -263.exe")