MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6145d6cc40e42b0940ab9990445277eb9101d48638ee9726bef58bafb8f272a6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	6145d6cc40e42b0940ab9990445277eb9101d48638ee9726bef58bafb8f272a6
SHA3-384 hash:	4632145b8e9833eb0fb9d2cb11a6a2a787c9bbc312d3036c9f1c0aa96f034a9c3834998ce25fbb70bec934d2cbde7103
SHA1 hash:	d8f8424fd1f5f419b129e5307c8bd242337e0825
MD5 hash:	cad97965ae310597547785d73a5ad5ee
humanhash:	red-item-orange-washington
File name:	Our New Order August 14 2020 at 2.30_PVV440_PDF.img
Download:	download sample
Signature	Formbook Create hunting rule
File size:	1'245'184 bytes
First seen:	2020-08-14 08:55:01 UTC
Last seen:	Never
File type:	img
MIME type:	application/x-iso9660-image
ssdeep	6144:PmZ7XUYP+LT5oegvSqUkCZ7XtV4CBKCC1Z9cN3x9fTts:y7XUDLT5oFv7UFZBSFf1ZipfTu
TLSH	2545F08667D39551C4BA363343B1930502E5C35612A3CB69F89F03AB6F63FFD66429C8
Reporter	abuse_ch
Tags:	FormBook img

abuse_ch

Malspam distributing unidentified malware:

HELO: hosting4.kmtiendas.com
Sending IP: 37.152.93.84
From: Jana Azih <jana.azih@getinge.com>
Subject: RE: AW: Our New Order/Enquiry No.00127
Attachment: Our New Order August 14 2020 at 2.30_PVV440_PDF.img (contains "Our New Order August 14 2020 at 2.30_PVV440_PDF.exe")