MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 09d668230d38178c2236431f5bf637ff72e8b70db4289f6488c0fe24c4a6df5f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 09d668230d38178c2236431f5bf637ff72e8b70db4289f6488c0fe24c4a6df5f
SHA3-384 hash: 8f323948937a1505d26fe0b409149622d1585065d6f4264b3119b0828219ed7c5e12ccee5b90a05f0674a825b287c5c6
SHA1 hash: 0982242c9376bf1dff754acff8c837a7461e1059
MD5 hash: 32afed0f23868035bcdd8468504be7c6
humanhash: edward-crazy-five-kentucky
File name: New_00998877668.xls.z
Signature: FormBook
File size: 489'938 bytes
First seen: 2020-05-05 10:11:37 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 12288:otyJNyxVYMeO/MPh5kpJZq6dfC4QXfbnV3vcF1z0JZHLgPb:otyJ6mMeO/evN8Cvh3Kz+xcj
TLSH: DAA4230834E5D909A8B6FDF9BA8EEDCD04AA5BD6FE1EFBD48C9735264193405D40C903
Reporter: abuse_ch
Tags: FormBook, z


abuse_ch
Malspam distributing FormBook:

HELO: slot0.illaulna.com
Sending IP: 45.95.169.82
From: Satheesh M <elias@pinchgourmet.com>
Subject: Order confirmation for hanyurwagerd
Attachment: New_00998877668.xls.z (contains "New_00998877668.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 91
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Inject
Status: Malicious
First seen: 2020-05-05 10:36:22 UTC
File Type: Binary (Archive)
Extracted files: 20
AV detection: 17 of 30 (56.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

z 09d668230d38178c2236431f5bf637ff72e8b70db4289f6488c0fe24c4a6df5f (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
