MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 50710b02dd867301e6bc59a75b775de1b2937a108c7c9e738b75b273a307acb5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 50710b02dd867301e6bc59a75b775de1b2937a108c7c9e738b75b273a307acb5
SHA3-384 hash: 4a9aea29f5a21a77593d3ccba2d2453d371046bb376966f7636811cb3b15fb670f8ece571691b9269ec184e30c351109
SHA1 hash: 4c0193568d30f0ebeced42e1d8fdae277d02b1ba
MD5 hash: 1da0302cb2ae50605f02f28177c94182
humanhash: alabama-don-green-mango
File name:00983989202068.pdf.zip
Download: download sample
Signature FormBook
Create hunting rule
File size:943'809 bytes
First seen:2020-05-25 12:16:08 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:NKgfoVf0ORDQAxx0VGC+Vebnng+v5RxNp1eiaOEBw7q:NKgfo51RDQAf0V1+AlvVNmit0T
TLSH 43153397F70189973D2E960A963C7D0A8771D87630C9638D7495FAA2CCCD16C371C8E6
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: emma.cloudserverhosts.com
Sending IP: 68.171.210.131
From: Eileen Yang <Eileen.yeng@hellmann.com>
Subject: Re: Shipment from China // Docs: BL-No: COSU6257686520
Attachment: 00983989202068.pdf.zip (contains "00983989202068_pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.AutoIT-3.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.25815.ZipHeur.BadExt.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 12:36:56 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
28 of 48 (58.33%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 50710b02dd867301e6bc59a75b775de1b2937a108c7c9e738b75b273a307acb5

(this sample)

FormBook

Executable exe f130cec484223c8a539691962d1f9cd065bb45776e25bb34037c64d89be0e9d5

  
Dropping
MD5 bf744ac1c3ad06ed758bf267cec03632
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f130cec484223c8a539691962d1f9cd065bb45776e25bb34037c64d89be0e9d5

Comments