MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 20aadf1fdc0397121dba79cef904d8c8dd8f6e2481d1fa2f3b2efb3e07705d15. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook
Vendor detections: 2


SHA256 hash: 20aadf1fdc0397121dba79cef904d8c8dd8f6e2481d1fa2f3b2efb3e07705d15
SHA3-384 hash: 70f9bcc1bea68e5d11e4598b1dfc480ad2e02c13924c23421e4096aec6748c5a64ffc5df521b783f73b805c3d5716626
SHA1 hash: ca464195eb1098d424dc747fd54140bb1407c28e
MD5 hash: 75334ee940041ba5c8bf03fb88c18bfd
humanhash: bacon-yellow-nitrogen-violet
File name: PI.gz
Signature: FormBook
File size: 228'818 bytes
First seen: 2020-05-22 06:14:48 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 3072:0qJNdGUVmehQ6F87Iot1KegrfxKuw58dKI8fet06nstzguwmSyPL3wXbgV3W9E3O:Bm56F2XteZBg8gIce5csE2oZwA1K
TLSH: 0424235226F66BF7E41FACE8B51748FAFC380E9BEA705B0560095890EF0FC158919D4E
Reporter: abuse_ch
Tags: FormBook gz


abuse_ch
Malspam distributing FormBook:

HELO: ilezoni.pw
Sending IP: 173.82.238.171
From: Sales & Marketing. <info@ilezoni.pw>
Reply-To: franccmcleather@gmail.com
Subject: PROFORMA
Attachment: PI.gz (contains "PI.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Noon
Status: Malicious
First seen: 2020-05-22 06:35:33 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 20 of 48 (41.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
FormBook
gz 20aadf1fdc0397121dba79cef904d8c8dd8f6e2481d1fa2f3b2efb3e07705d15 (this sample)
Dropping
FormBook
Delivery method: Distributed via e-mail attachment
