MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 72088a4067be923dfb277f1cd6283c7b2670014e68fd0b281ac4e74f4b5b6bf1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 72088a4067be923dfb277f1cd6283c7b2670014e68fd0b281ac4e74f4b5b6bf1
SHA3-384 hash: 44f81a018e2c5299c9406efc0c401019b1cf47cb3a99004310dec1087e13be7fb3c71b07d2a36761ca352ef4ed12c1bc
SHA1 hash: 27b5616d98afa4d2854e2a6b035dbb6c1a8da719
MD5 hash: 4bf6525bd7f7cfd4801befec1bb5b8ad
humanhash: single-apart-pip-yankee
File name:Image 200319USD48742,55.pdf.ace
Download: download sample
Signature FormBook
Create hunting rule
File size:293'504 bytes
First seen:2020-03-31 13:40:20 UTC
Last seen:2020-03-31 18:47:14 UTC
File type: ace
MIME type:application/x-rar
ssdeep 6144:AyKydon2OeVxu8dCG9IpgQPHQE+n5Rk41KEx+iBDQcJiVHw0QZKsws8:rba4xuWH+SQ/t+5D8/I5MHwVCs8
TLSH AF542324C6B3AAB86AB9E2693F3EF4DB875B9007FDB44470141DA1B5C9834CCD7164CA
Reporter abuse_ch
Tags:ace COVID-19 FormBook


Avatar
abuse_ch
COVID-19 themed malspam distributing FormBook:

HELO: globalfactory.qa
Sending IP 67.43.239.166
From: Brittany Jester <info@globalfactory.qa>
Subject: Re:[## 10641 ##] COVID-19/BALANCE PAYMENT
Attachment: Image 200319USD48742,55.pdf.ace (contains "Image 200319USD48742,55.pdf.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Formbook
Create hunting rule
Status:
Malicious
First seen:
2020-03-31 10:07:43 UTC
File Type:
Binary (Archive)
Extracted files:
1
AV detection:
18 of 31 (58.06%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=oieiuqdhx2jd36zhp4onmkb4pmthaakond6qwka2yttu6s23npyq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

ace 72088a4067be923dfb277f1cd6283c7b2670014e68fd0b281ac4e74f4b5b6bf1

(this sample)

FormBook

Executable exe 9d28d2b3cdf1132a476d9369c8226dd825be71fff0fe59de8eabc8771e4333e7

  
Dropping
MD5 98eaf5b5768a42fe7606d193538ef6b8
  
Dropping
SHA256 9d28d2b3cdf1132a476d9369c8226dd825be71fff0fe59de8eabc8771e4333e7
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9d28d2b3cdf1132a476d9369c8226dd825be71fff0fe59de8eabc8771e4333e7

Comments