MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5de5ccecbd75439fa62e08fb2594c2e9ccff76bc064ae99469618d26d905a5f8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 5de5ccecbd75439fa62e08fb2594c2e9ccff76bc064ae99469618d26d905a5f8
SHA1 hash: 641cfa4a887c976cd89cd0c66eca995864561be5
MD5 hash: 4dc689ad3e0f57b7f041eaccac52a049
File name: 1GHBSI.exe
Signature: Formbook
File size: 421'376 bytes
First seen: 2020-05-23 11:10:43 UTC
Last seen: 2020-05-23 11:46:35 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 6144:i2GhNutBkiPG/JBavm9ma8OX8o44wyPdSn7dZBKHyPINJc4JKTQeyfHKq:i2iNXP/umMHOX8tyPdYwHLlgTdyf
TLSH: C594E08A8A34033CD81D1EF79AFA1604033A5F5A456ED66A3E7470992DF33431A863DF
Reporter: @abuse_ch
Tags: exe FormBook Yahoo


Twitter
@abuse_ch
Malspam distributing Formbook:

HELO: sonic303-3.consmr.mail.bf2.yahoo.com
Sending IP: 74.6.131.42
From: sales Rine <s.rine85@yahoo.com>
Subject: : Fwd: Wire Transfer Payment
Attachment: 1GHBSI.rar (contains "1GHBSI.exe")

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 2
# of downloads: 27
Origin country: FR
ClamAV: SecuriteInfo.com.LuheFihaA.10258.18436.UNOFFICIAL
VirusTotal: Virustotal results 40.28%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

Executable exe 5de5ccecbd75439fa62e08fb2594c2e9ccff76bc064ae99469618d26d905a5f8 (this sample)

Delivery method: Distributed via e-mail attachment
