MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 64183c54790ec5ece0e49999b0c4267124b473501a4b134771687cd26a3e0617. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 64183c54790ec5ece0e49999b0c4267124b473501a4b134771687cd26a3e0617
SHA3-384 hash: cd0e6f87b5e1fd24df76c2c5e58387d8ba35a8b7f160c43f85c708b1d936e884ee209ae1a2f246e909f5a34b818f7a18
SHA1 hash: 5b04c34b53857cf3ac9ad60004509d8c01758a85
MD5 hash: 6586159f90c50af13ea66199b5ee17cd
humanhash: florida-coffee-queen-west
File name:Payment_Advice.zip
Download: download sample
Signature FormBook
Create hunting rule
File size:443'669 bytes
First seen:2020-05-28 06:28:28 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:uuw1Uek356QQDJsoVSCjvm1lno+mIK1CciE7vPstun:ncUeksrDJOEvm1lnDeigyun
TLSH 6594238CEDC034608291049C0B6907B9A2679BADE3AE183DDF1EEAEE505215F76C5F5C
Reporter abuse_ch
Tags:FormBook SCB zip


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: terminal6.veeblehosting.com
Sending IP: 194.126.175.2
From: Standard Chartered Bank <AdvicesIN@sc.com> <amos@hexatech-my.com>
Subject: ADVICE FROM STANDARD CHARTERED BANK
Attachment: Payment_Advice.zip (contains "Payment_Advice.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

SecuriteInfo.com.Artemis3956A314271F.14689.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.20794.ZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 06:36:51 UTC
File Type:
Binary (Archive)
Extracted files:
295
AV detection:
15 of 48 (31.25%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 64183c54790ec5ece0e49999b0c4267124b473501a4b134771687cd26a3e0617

(this sample)

FormBook

Executable exe eefab144fefdb2883084329ab3755717ed6882b348eea18aa611a0a446c39f69

  
Dropping
MD5 1925a62510f501a5fcaf202f5e99301f
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 eefab144fefdb2883084329ab3755717ed6882b348eea18aa611a0a446c39f69

Comments