MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 69dc30b9f947be0f92d8eff9878aed111976121ee90d7a939a02ab3361f30769. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 2



SHA256 hash: 69dc30b9f947be0f92d8eff9878aed111976121ee90d7a939a02ab3361f30769
SHA3-384 hash: e0658cd6ae6da92df7ff6c83bc30158f0da9344da313399e9436c26ab15c745a1f9a53577d27be29da7328d8c52d32a9
SHA1 hash: 8d227ade0adee7c5ebdbc4cea5727eb0d672f678
MD5 hash: aa2317d08e297ba771e3e6ec6b9cf793
humanhash: diet-pasta-jupiter-yankee
File name: Payment Invoice.img
Signature: FormBook
File size: 1'638'400 bytes
First seen: 2020-05-27 18:22:52 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 24576:nF9RJXcYTBbuQL4BTbHcZd2uvXW8/Z1rbi6Ty9tVECo1n5js:F9RJXcYTtuQURLc3lW8/zm6TyiN
TLSH: 8B751392F0ED68A2FD0609FCC4AF95F4A3427CD06751005B35BEBDD67B79690813E82A
Reporter: abuse_ch
Tags: FormBook img


abuse_ch
Malspam distributing FormBook:

HELO: in.infoappli.live
Sending IP: 45.95.171.15
From: mohamad.sabouneh@moodfit.com
Subject: New Order RFQ 27052020
Attachment: Payment Invoice.img (contains "Payment Invoice.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 70
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Noon
Status: Malicious
First seen: 2020-05-27 12:15:20 UTC
File Type: Binary (Archive)
Extracted files: 28
AV detection: 20 of 48 (41.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

img 69dc30b9f947be0f92d8eff9878aed111976121ee90d7a939a02ab3361f30769 (this sample)
Dropping: FormBook
Delivery method: Distributed via e-mail attachment