MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 66d8149f2c6f2d606703fedf6a54a02e47cec6107ddffdb2abb82a9d467a7c8c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 66d8149f2c6f2d606703fedf6a54a02e47cec6107ddffdb2abb82a9d467a7c8c
SHA3-384 hash: 72ceed725ac3b97f1326d477b8964f997e98e9391d9cb2966c3bcb3654f59d7b5f12e43b14638222d16a00c123536195
SHA1 hash: c4cce8e73e70cc60ef85c120a29361d5693fc831
MD5 hash: 0faa76e12234c8c96ac9aec645b0d316
humanhash: eight-william-potato-item
File name: Invoice001.img
Signature: FormBook
File size: 1'245'184 bytes
First seen: 2020-06-08 06:57:53 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 6144:+yHIJW2vjzl8nx5lSnynK/90H4Bj737CD2mGkPT6TItms:HQrzRnynWL7sGqeT
TLSH: 4645DF127B7480B2D1AF2A380D529956AE3775E365AEC4E2734C0254CF5CEB08C662FF
Reporter: abuse_ch
Tags: FormBook img


abuse_ch
Malspam distributing FormBook:

HELO: postalgaspetenergy.net
Sending IP: 139.28.38.208
From: Jane Kim <info@nanohelix.org.net>
Subject: 재 : 지불
Attachment: Invoice001.img (contains "invoice.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Spyware.Noon
Status: Malicious
First seen: 2020-06-08 06:59:05 UTC
AV detection: 20 of 31 (64.52%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

img 66d8149f2c6f2d606703fedf6a54a02e47cec6107ddffdb2abb82a9d467a7c8c (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
