MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5f5789de61eefef45f7dd1027b45d9edf6c5a294bfe66edae961f45f92bd85f3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 5f5789de61eefef45f7dd1027b45d9edf6c5a294bfe66edae961f45f92bd85f3
SHA1 hash: 2fb60eead2e3e95e641b37cfe2008eb375ec64c9
MD5 hash: 5f473e79452b073dc1cb2c49c40b662f
File name: cert.exe
Signature: Formbook
File size: 331'888 bytes
First seen: 2020-05-23 12:07:22 UTC
Last seen: 2020-05-23 13:13:22 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 6144:YsLit9epsH8xD3n75QcDzKsUnDf+qM3uHoQLx:+eNdQcHwhM3uI
TLSH: 51649D263E824438D658C57214B9ACC3AD395B813AD1875F3FAFA3585E03B9E6B34D0D
Reporter: @abuse_ch
Tags: exe FormBook


Twitter (@abuse_ch):
Malspam distributing Formbook:

HELO: vps.brightway919.com
Sending IP: 103.233.0.2
From: Brightway Trading Services <inquiry@bujan.com.ar>
Reply-To: sales@brightway919.com
Subject: REMITTANCE REVIEW FOR redacted@threatwave.com
Attachment: PI02843.doc

FormBook payload URL:
http://petrosklad.ru/order/cert.exe

Intelligence


Mail intelligence: No data
# of uploads: 2
# of downloads: 27
Origin country: CH
ClamAV: SecuriteInfo.com.MSIL.Kryptik.WAJ.24669.UNOFFICIAL
VirusTotal: 22.22%

Yara Signatures


Rule name: Formbook
Author: JPCERT/CC Incident Response Group
Description: detect Formbook in memory
Reference: internal research

Rule name: win_formbook_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: autogenerated rule brought to you by yara-signator

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  Formbook
    Executable exe 5f5789de61eefef45f7dd1027b45d9edf6c5a294bfe66edae961f45f92bd85f3 (this sample)

Delivery method: Distributed via web download

Comments