MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0dcc0b25c073c73ae67b48662ec4c81932ff862afdaac7cba1efa63290d6902f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 0dcc0b25c073c73ae67b48662ec4c81932ff862afdaac7cba1efa63290d6902f
SHA1 hash: fcbcb2007364db52e8ffa4327d26293c885c45d0
MD5 hash: 8cedb9db8e9bcb5d32def1faf7d83bb5
File name: Payment Notification.pdf.exe
Signature: Formbook
File size: 324'096 bytes
First seen: 2020-05-22 14:11:00 UTC
Last seen: 2020-05-22 20:34:08 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 255099a339a7f0c44ae1d5330f7354e4
ssdeep: 3072:Ee56tbEjHbAxJzAW6EXXYicn6nvRytljFbJEKQpWzKkwYj/boKuUNZz78qvXCoze:E/tbjnzAW/oijnvR8FNxbeMpXDzdks
TLSH: 2F64BE22B568963CD93FA0B47AC7DEE6DDC594E3603F5C5AC42CC109C92CA82C597277
Reporter: @abuse_ch
Tags: exe FormBook


Twitter
@abuse_ch
Malspam distributing Formbook:

HELO: srv.polarbearcreative.com
Sending IP: 77.235.58.77
From: <noreply@fnb.co.za>
Subject: Payment Notification
Attachment: Payment Notification.pdf.zip (contains "Payment Notification.pdf.exe")

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 3
# of downloads: 30
Origin country: US
ClamAV: PUA.Win.Downloader.Aiis-6803892-0
VirusTotal: 24.66%
ReversingLabs: No data

Yara Signatures


Rule name: win_nymaim_g0
Author: mak, msm, CERT.pl

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

Executable exe 0dcc0b25c073c73ae67b48662ec4c81932ff862afdaac7cba1efa63290d6902f (this sample)

Delivery method: Distributed via e-mail attachment

Comments