MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8d1512de63fd1bf66f80c8ec2ec640464a6ce986101849488372a38fed2bcfb6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence File information Yara Comments

SHA256 hash: 8d1512de63fd1bf66f80c8ec2ec640464a6ce986101849488372a38fed2bcfb6
SHA3-384 hash: ee83606667cacd3eb4b9bd798aad9cda5a777bd2158ebf4caecafc538efed615f6f400851fc88099708229b87562c402
SHA1 hash: 355db74ab7cf7797863b94a3e700d30548db76bb
MD5 hash: da0c1d3e4b6526d4c99022e8894ceee9
humanhash: coffee-charlie-equal-illinois
File name:WHITE SPIRIT MSDS_pdf.exe
Download: download sample
Signature FormBook
File size:1'238'528 bytes
First seen:2020-06-18 05:27:32 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 3d95adbf13bbe79dc24dccb401c12091
ssdeep 24576:+tb20pkaCqT5TBWgNQ7aHAy0TcsKlNrB8tK8e1aO6A:rVg5tQ7aHRsKlr8tK8e1x5
TLSH EB45D01273DD8364C3B25273BA26B701BEBF7C2506A5F96B2FD8093DB920121525E673
Reporter @abuse_ch
Tags:exe FormBook


Twitter
@abuse_ch
Malspam distributing FormBook:

HELO: server1.bluecloud.jo
Sending IP: 81.95.158.149
From: Seacon Shipping Co.,Ltd <edison@seaconshipping.com>
Reply-To: edison@seaconshipping.com
Subject: Re: Request for quote - Nagoya/Japan
Attachment: WHITE SPIRIT MSDS_pdf.rar (contains "WHITE SPIRIT MSDS_pdf.exe")

Intelligence


File Origin
# of uploads :
1
# of downloads :
35
Origin country :
FR FR
Mail intelligence
Geo location:
Global
Volume:
Low
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Bluteal
Status:
Malicious
First seen:
2020-06-18 05:29:06 UTC
AV detection:
25 of 31 (80.65%)
Threat level
  5/5
Result
Malware family:
formbook
Score:
  10/10
Tags:
spyware evasion trojan stealer family:formbook persistence
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: MapViewOfSection
Modifies Internet Explorer settings
Suspicious use of SendNotifyMessage
System policy modification
Suspicious use of FindShellTrayWindow
Drops file in Program Files directory
Suspicious use of SetThreadContext
Checks whether UAC is enabled
Reads user/profile data of web browsers
Adds Run entry to policy start application
Formbook

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

Executable exe 8d1512de63fd1bf66f80c8ec2ec640464a6ce986101849488372a38fed2bcfb6

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments