MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1d65e497a5fd1c02c83a04fba5cd07130ac17bda7b476ee70a0bf8202eed4be5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 1d65e497a5fd1c02c83a04fba5cd07130ac17bda7b476ee70a0bf8202eed4be5
SHA3-384 hash: c52e83944fd0ce30d74d886eec863e4d3b81d8e977d6e07a88f8c59405b42e51e4e4957a57b9032cf7fc5aba41937ce5
SHA1 hash: 76024516e9c136bc0639e0f2f0e337940496c46c
MD5 hash: 18a6ac01533cce7b53a04314810349c1
humanhash: fourteen-kilo-three-purple
File name: muestras de productos.zip
Signature: FormBook
File size: 281'564 bytes
First seen: 2020-06-18 12:42:31 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:PNeSsFTXSwEQ6dh+mg88Z/Jvz7TAiJBnuZj3biX9JF:wJulh+380Jvz7MYnej3bM9JF
TLSH: 635423DD667F20BAC70E2BD8E88E055C4E4A78F76872D4CC88C06326BEDE5D56814A0D
Reporter: abuse_ch
Tags: FormBook, zip


abuse_ch
Malspam distributing FormBook:

HELO: srv1.langa.tv
Sending IP: 185.31.65.178
From: rgomez@fehlmex.mx
Subject: SWIFT DOZNAKA: ODRI PRINT DOO VALJEVO
Attachment: muestras de productos.zip (contains "muestras de productos.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 71
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Spyware.Noon
Status: Malicious
First seen: 2020-06-18 13:36:23 UTC
AV detection: 21 of 48 (43.75%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 1d65e497a5fd1c02c83a04fba5cd07130ac17bda7b476ee70a0bf8202eed4be5 (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment

Comments