MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 57697879c104d0cc6f88c25e5fa2f84d1227eb23c05efbd5d763b236fbcb1ed0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 2



SHA256 hash: 57697879c104d0cc6f88c25e5fa2f84d1227eb23c05efbd5d763b236fbcb1ed0
SHA3-384 hash: cf02cc45f77095c72ac451ec96b6abb5ab93cf5f3540dbec721179ac240db3e15465e47fb9f09647b1008f483648142f
SHA1 hash: bf0daacf1171a68ffc22904990e4e2ecbe316310
MD5 hash: c979fa80ac17326807029acc72f0335b
humanhash: undress-diet-fourteen-solar
File name: SHIPPING INVOICEpdf.z
Signature: Formbook
File size: 577'716 bytes
First seen: 2020-12-27 07:41:38 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 12288:2AgM4E33OdS7iLF1jx8qi28im02doXp/xYIPwHl:2AHAn8qiDD02aXJjC
TLSH: 14C42381270D57A75B3D9248D0D6AE7D46822F17748CF0A3E57FA76384AB6831E2371C
Reporter: abuse_ch
Tags: DHL z


abuse_ch
Malspam distributing unidentified malware:

HELO: elcon-in.com
Sending IP: 185.222.57.189
From: dhl express<Accountant@elcon-in.com>
Subject: DHL BILL OF LADING SHIPPING INVOICE DOCUMENTS
Attachment: SHIPPING INVOICEpdf.z (contains "SHIPPING INVOICEpdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 175
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

z 57697879c104d0cc6f88c25e5fa2f84d1227eb23c05efbd5d763b236fbcb1ed0 (this sample)

Delivery method: Distributed via e-mail attachment
