MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 65cd6807556189c85811f11fb91a981749e7d9760e5a72c0845dd6b8ff93a8f9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 65cd6807556189c85811f11fb91a981749e7d9760e5a72c0845dd6b8ff93a8f9
SHA1 hash: c23ebfec4a59e85985dabe251390a195ce3d43ca
MD5 hash: 52b9520f67483c03673b18e500cdb728
File name: PO C10090.exe
Signature: FormBook
File size: 316'416 bytes
First seen: 2020-05-23 11:18:36 UTC
Last seen: 2020-05-23 11:46:36 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 6144:/F4qHsOJTG6epgfH6mxY3pRvqtjhxz3I92lYsgNKtLXxjr:/F4q4PCBO3pRSHxjIYl6Sj1r
TLSH: 8E64E20AA2C863EED02C877D2CA0341217737E56355AEF194E5672DE66367C20631FAF
Reporter: @abuse_ch
Tags: exe FormBook


Twitter
@abuse_ch
Malspam distributing FormBook:

HELO: yisun.co
Sending IP: 111.90.159.196
From: Nicholas Akuku <benicaeasz@gmail.com>
Subject: PO
Attachment: PO C10090.zip (contains "PO C10090.exe")

Intelligence


Mail intelligence
Trap location    Impact
DE Germany       Low
Global           Low

# of uploads: 2
# of downloads: 23
Origin country: FR
ClamAV: SecuriteInfo.com.Trojan.Hosts.47613.29165.14446.UNOFFICIAL
VirusTotal: VirusTotal results 18.06%
ReversingLabs: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
FormBook
Executable exe 65cd6807556189c85811f11fb91a981749e7d9760e5a72c0845dd6b8ff93a8f9 (this sample)

Delivery method: Distributed via e-mail attachment

Comments