MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 407d750dc0528f60f1f1a3af8805723d8b5dc2dcb0368606e154ffd7d8dd024a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 407d750dc0528f60f1f1a3af8805723d8b5dc2dcb0368606e154ffd7d8dd024a
SHA3-384 hash: 21c04b33e900efcbfefafee86b56419b46d910afb8a8def643685f2c9061a59e5f6f0bc212013361d055a4f222fcc364
SHA1 hash: 676d51db4572bb3bb07ee69489da8f8f854e3c11
MD5 hash: b44762208bb272082a4c4102046936ec
humanhash: east-solar-solar-spaghetti
File name:PLanilla deFacturacion Mensual 2020.img
Download: download sample
Signature FormBook
Create hunting rule
File size:1'310'720 bytes
First seen:2020-05-27 12:12:50 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:Ai8qmDnPyX8ylwhz8n4l7OUrYqYwYTtlNdUJIP0rExD7pxj6NuIcezY:vBeyXKx8n4IUrWtVQlrEF9xMH
TLSH 7F558D1EE2E04436F1671A3C9D1B5774982DBE102A2869466FE8DD4C9FF934D3C362A3
Reporter abuse_ch
Tags:FormBook img


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: mail.strongmailvault.com
Sending IP: 111.90.144.220
From: Julieta Campitelli <JCampiteli@newtral.com.ar>
Subject: PLANILLA DE FACTURACION HASTA ABRIL 2020
Attachment: PLanilla de Facturacion Mensual 2020.img (contains "PLanilla de Facturacion Mensual 2020.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 12:35:09 UTC
File Type:
Binary (Archive)
Extracted files:
274
AV detection:
18 of 48 (37.50%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

img 407d750dc0528f60f1f1a3af8805723d8b5dc2dcb0368606e154ffd7d8dd024a

(this sample)

FormBook

Executable exe e825c5b9c196015372cc2153f670cdfec42827fe20aff62c5d493b67fd9c92f1

  
Dropping
MD5 97be044955d080bdba4224e60e0cb4ab
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e825c5b9c196015372cc2153f670cdfec42827fe20aff62c5d493b67fd9c92f1

Comments