MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 83ba9d7bcfba422fd9f4e801d8f61901c56473d287d952a41530f6a49c59c905. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook

Vendor detections: 3

SHA256 hash: 83ba9d7bcfba422fd9f4e801d8f61901c56473d287d952a41530f6a49c59c905
SHA3-384 hash: e96c7b557cc9f018cd98402ed65d857201775908ff7f852a9605b81dfc8bb9fa4afae436e233708e07b720c713f615f8
SHA1 hash: ec7946929e717862a5dfeee3faed6c59b41711f9
MD5 hash: 03db3c58e9ff87b03894a49263546b9c
humanhash: sink-west-oscar-low
File name: Covid-19 vaccines samples.arj
Signature: FormBook
File size: 25'960 bytes
First seen: 2020-04-02 06:52:03 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 768:ZDKKdEtlL/gQtZZUVBqDrJDCGxK17qfzWY968P/lF:lKht/jtwVgFkEzx9v/H
TLSH: A7C2E18D03BD8D696BC366FE2744CE8800973DB6521FD587B8AF468F458F98E0A71463
Reporter: abuse_ch
Tags: arj, COVID-19, FormBook, GuLoader


abuse_ch
COVID-19 themed malspam distributing GuLoader->FormBook:

HELO: lalo.com
Sending IP: 94.177.242.156
From: Dr. Kim Jung <monique@kitsaptransit.com>
Subject: Latest vaccine release for Corona-virus(COVID-19)
Attachment: Covid-19 vaccines samples.arj (contains "Covid-19 vaccines samples.exe")

GuLoader payload URL (FormBook):
https://drive.google.com/uc?export=download&id=1OTx0IxAGluWa0AFZHdGXDmmw1G_lgtKZ

Intelligence


File Origin
# of uploads: 1
# of downloads: 78
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-04-01 21:05:51 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 19 of 31 (61.29%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments