MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 29ea8c9f14aac7977487757f317922907cfc194a39a961895593d1642a094123. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook

Vendor detections: 2

SHA256 hash: 29ea8c9f14aac7977487757f317922907cfc194a39a961895593d1642a094123
SHA3-384 hash: 89dd643ca768c3e1096a8e74d068875de6bae2450fabaf7524f40ba93afa1a91ad81c6bae688788d930e50e8814f117d
SHA1 hash: f775718b9991bcadfd9d6f28ba18e70fc89a23e9
MD5 hash: 1c07e43cf584303bab56a1492f113029
humanhash: emma-alaska-papa-delta
File name: Scan Order copy 22-05-2020.pdf.xz
Signature: FormBook
File size: 887'842 bytes
First seen: 2020-05-25 12:16:44 UTC
Last seen: Never
File type: xz
MIME type: application/x-rar
ssdeep: 24576:QbsDvqqBhIxHY85JfUzB18HCld169vQJ0Oal:RDvqAcHVqNTEvQ+h
TLSH: 3F15330AEFAF71DF32C4458B5B48B52548095DE154BBE1E08FA2E378E610C72EBC7942
Reporter: abuse_ch
Tags: FormBook xz


Comment by abuse_ch:
Malspam distributing FormBook:

HELO: group.sulfindo.com
Sending IP: 219.83.79.252
From: Ivan Cheung <ivan.cheung@sinoconnection.com>
Subject: Re: RE: PAYMENT BY SINO HK released on 22/5/20 // (PFL-SINO) Export shipment LCL
Attachment: Scan Order copy 22-05-2020.pdf.xz (contains "Scan Order copy 22-05-2020_pdf.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-25 12:36:49 UTC
File Type: Binary (Archive)
Extracted files: 27
AV detection: 31 of 48 (64.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam -> FormBook -> xz 29ea8c9f14aac7977487757f317922907cfc194a39a961895593d1642a094123 (this sample)

Dropping: FormBook

Delivery method: Distributed via e-mail attachment

Comments