MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6d10c431a7c15c12c7db495531167d82321f21e3073db13dd5dd11c273fee711. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6d10c431a7c15c12c7db495531167d82321f21e3073db13dd5dd11c273fee711
SHA3-384 hash: 92f0805d542121b4a72e5074b8ef95319b973d282d6c11f4fdba3c179e97075f7f382f0cd54954f61f9aa438ca36feed
SHA1 hash: 10a76a3d1863215e4a1baf91858d4d90024cddb2
MD5 hash: 09cb726f8bec19fe30e585e5fa938c4b
humanhash: nuts-table-happy-nuts
File name:PO 14544.uue
Download: download sample
Signature FormBook
Create hunting rule
File size:387'736 bytes
First seen:2020-06-06 11:12:20 UTC
Last seen:Never
File type: uue
MIME type:application/x-rar
ssdeep 6144:IrsGcQFa+e3IGggmnGXYPKg15guToTychWaJLG/e8YVLf/kCYBK7njKzKRG9:XGHFa+2Y2gh5gu2ycbLKS7FYB4GzKR2
TLSH 318423ADDDE5BA524AD1C9DCEF406450124EAFA9F082EE6C403916346E7209A3D3CF7D
Reporter abuse_ch
Tags:FormBook uue


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: oak.superdnssite.com
Sending IP: 108.163.233.154
From: Shanzay Barlund<smtpf0xeo@nyandaruainterfaith.org>
Subject: PURCHASE ORDER 14544
Attachment: PO 14544.uue (contains "PO 14544.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Packed.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-06-06 11:14:05 UTC
AV detection:
21 of 48 (43.75%)
Threat level:
  1/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=nuimimnhyfobfr63jfktcft5qizb6ipda463cpov3ui4e47644iq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

uue 6d10c431a7c15c12c7db495531167d82321f21e3073db13dd5dd11c273fee711

(this sample)

FormBook

Executable exe c7544c2d4180660fc3a96f3b66b5caa0e168dcfbb35a870f1c576a152ed62348

  
Dropping
MD5 4d2fb973d84c8528bd40f4173e87dfc9
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c7544c2d4180660fc3a96f3b66b5caa0e168dcfbb35a870f1c576a152ed62348

Comments