MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 27cda326915cd1791b2e76dd6566864b23043d1cbe30cf2c1f37919305177ff9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 27cda326915cd1791b2e76dd6566864b23043d1cbe30cf2c1f37919305177ff9
SHA3-384 hash: 7feedb8e521932ebcf44643ac649cd949173f28fc982405df8ac1679171b6433d7b87861d5db063bdd949552acdf6dac
SHA1 hash: 9efbb352aedb2a2c4be925f85aff86156a8fd68e
MD5 hash: bcc15f48f9880adf0a793fdb4091eec6
humanhash: artist-friend-johnny-sad
File name: RFQ - RFQ200006- PO2006-02044.gz
Signature: FormBook
File size: 436'718 bytes
First seen: 2020-06-03 10:48:20 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 12288:mGn0NMQykrojh/0a/OfyJdskWloGad9DQs:mGn0eIroj90a/JdskCTs
TLSH: 5B9423ECEEE02B91605973A1F3783DA2C5E1A7CBDC82552D70E358C5C3672D49BB8252
Reporter: abuse_ch
Tags: FormBook gz


abuse_ch
Malspam distributing FormBook:

HELO: imail.zerospam.email
Sending IP: 213.136.90.47
From: Ganesan <dilukshi@imro.lk>
Subject: RFQ - RFQ#200006
Attachment: RFQ - RFQ200006- PO2006-02044.gz (contains "RFQ - RFQ200006- PO2006-02044.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-06-03 11:00:10 UTC
File Type: Binary (Archive)
Extracted files: 295
AV detection: 15 of 47 (31.91%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

gz 27cda326915cd1791b2e76dd6566864b23043d1cbe30cf2c1f37919305177ff9 (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
