MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 67f4eca521110c92fd50115f70c88c01b2688f1dac4c31ce1aefc095a4e20885. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 67f4eca521110c92fd50115f70c88c01b2688f1dac4c31ce1aefc095a4e20885
SHA3-384 hash: 714369273d19f92a66bf8e62a59b3f19a7581351ece9162ed3fe92a866664e953fb50af37431d8f908f265b65477713b
SHA1 hash: ae55ee58ef0c3f9b19680248101e3191fffa54d4
MD5 hash: 72293d7f3388e92dfa00e476b930db31
humanhash: lactose-summer-grey-johnny
File name:AWB-INV4988376007345.pdf.zip
Download: download sample
Signature FormBook
Create hunting rule
File size:312'270 bytes
First seen:2020-06-25 08:55:57 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:yGQCjYX+s8mnPw2G5w0TuB2QO4eUXZnUJSYYsmpQ:KC0X+InPw2G5wp2QZn2/H
TLSH 756423FF52605642A3CE2AB8C281B25A05326942734E295FD2CB64371D0D7E77395FEC
Reporter abuse_ch
Tags:DHL FormBook zip


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: dhl.com
Sending IP: 209.58.149.66
From: DHL EXPRESS <dhlexpress@dhl.com>
Reply-To: jhwang.allmedicus@gmail.com
Subject: SHIPMENT NOTIFICATION
Attachment: AWB-INV4988376007345.pdf.zip (contains "AWB-INV#4988376007345.pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Generic.mg.181bf63f744587d9.5579.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.25518.ZipHeur.Ext.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/67f4eca521110c92fd50115f70c88c01b2688f1dac4c31ce1aefc095a4e20885/
Gathering data
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=m72ozjjbcegjf7kqcfpxbsemagzgrdy5vrgddtq257ajljhcbccq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 67f4eca521110c92fd50115f70c88c01b2688f1dac4c31ce1aefc095a4e20885

(this sample)

FormBook

Executable exe 07d614e422ec5b2dbd4c0fbe9232bd0e06bc2e910bad7a6f8721eec2a2c608ae

  
Dropping
MD5 b9df77bdf2d3823caecd22035929751f
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 07d614e422ec5b2dbd4c0fbe9232bd0e06bc2e910bad7a6f8721eec2a2c608ae

Comments