MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 24528e0947a93e6d8d930a10c2027ae6c5b9505a4267c2c4b2b96e7fcf2a68b8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 24528e0947a93e6d8d930a10c2027ae6c5b9505a4267c2c4b2b96e7fcf2a68b8
SHA3-384 hash: 59c14f445fb5e14bdf609336a0bb4fa7198fa383a7fb03d92c6961bb1a5f5ad4cb0d915ae37dc7b5e801790e6880b0b6
SHA1 hash: 49d4979a90323c4534e164fd0f68e571c923eb9e
MD5 hash: 1860f23b3a2224d9d70f8876b1b8ac78
humanhash: four-hamper-golf-dakota
File name:01986720202889.pdf.zip
Download: download sample
Signature FormBook
Create hunting rule
File size:1'285'667 bytes
First seen:2020-05-20 12:17:14 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:LF6m8ftrtN/ugM48m1MtzcOWCaxGYWmIVN7rLTV6u/7+V4ROia2tcGT7M8:DYNa47JVYLVBLTn7+6/TWC7M8
TLSH 715533BA6BAED176D7DA407F88E1A42030971DD1CF5584285DB009FCCBEB3CD866B209
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: new3gc.dnsracks.com
Sending IP: 96.127.128.157
From: Miƛkiewicz Mateusz <mmiskiew@pl.hellmann.net>
Subject: Re: Fw: shipment from Poland FYZ 3059 (shipment from Poland FYZ 3059)
Attachment: 01986720202889.pdf.zip (contains "01986720202889_pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.25815.ZipHeur.BadExt.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-20 12:30:58 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
20 of 48 (41.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=erji4ckhve7g3dmtbiimeat243c3suc2ijt4frfsxfxh7tzknc4a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 24528e0947a93e6d8d930a10c2027ae6c5b9505a4267c2c4b2b96e7fcf2a68b8

(this sample)

FormBook

Executable exe 72e42f1672249fbd4db20c17d5e29fba5838ef08cf0f6964d84ffc434ea46f27

  
Dropping
MD5 0cf7425537bc937147f3e4bb528c0c4d
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 72e42f1672249fbd4db20c17d5e29fba5838ef08cf0f6964d84ffc434ea46f27

Comments