MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 312bb0be07d0e7fb5ad4c6ae3596179ec2f7ba39f18d5abde32c328913c0d2f6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 312bb0be07d0e7fb5ad4c6ae3596179ec2f7ba39f18d5abde32c328913c0d2f6
SHA3-384 hash: 1a8342e9c748274ce588a919a314d09a516a13e2af9e2272c4584b7e88272703a86bb56353edfa92e7e9455a8f44b12a
SHA1 hash: cb0d5eeca49597a5c480565ea1abe2fc4e1e7053
MD5 hash: fcb262ef6c42ff8f6e22b3311e1a6ecc
humanhash: three-social-crazy-march
File name:Zahlung-06.11.20.pdf.img
Download: download sample
Signature Formbook
Create hunting rule
File size:1'507'328 bytes
First seen:2020-11-07 10:06:18 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:+VKdZyObtOG0OHttZpOohFSsymCpiuyWKNpaj31N7r+9o6YfBBqN8LX:+VMHwG0ON514iuyWEpaj+nYpg
TLSH 0C658D22ADA04837D43336388D1B5A646F267F712DB46E4667EC3D0B7F79782381528B
Reporter abuse_ch
Tags:DEU Endurance FormBook geo img


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: gateway4.unifiedlayer.com
Sending IP: 69.89.23.228
From: Paytec GMBH <infos@aos-stahl.de>
Reply-To: citrroen.gouws@gmail.com
Subject: Zahlungsaviso
Attachment: Zahlung-06.11.20.pdf.img (contains "Zahlung-06.11.20.scr")

Intelligence

File Origin
# of uploads :
1
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

SecuriteInfo.com.BackDoor.SpyBotNET.25.3911.4845.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/312bb0be07d0e7fb5ad4c6ae3596179ec2f7ba39f18d5abde32c328913c0d2f6/
Threat name:
Win32.Backdoor.Androm
Create hunting rule
Status:
Malicious
First seen:
2020-11-07 07:56:00 UTC
AV detection:
14 of 48 (29.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gev3bpqh2dt7wwwuy2xdlfqxt3bpporz6ggvvppdfqzise6a2l3a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

img 312bb0be07d0e7fb5ad4c6ae3596179ec2f7ba39f18d5abde32c328913c0d2f6

(this sample)

Formbook

Executable exe f413624c125a8e6e6e8f4ece883a646fe784bc5a8f4f21185da1df43adc76da1

  
Dropping
MD5 ce9456b4b5deccd2f6d9465482326a4a
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f413624c125a8e6e6e8f4ece883a646fe784bc5a8f4f21185da1df43adc76da1

Comments