MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8f5379da1016ec6379018e57b2e5bd8dc29eec3955b477840f57df4dc4baf8e8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8f5379da1016ec6379018e57b2e5bd8dc29eec3955b477840f57df4dc4baf8e8
SHA3-384 hash: 527ca0be7ba651a864209f11e2459258292d78ec1c76238c1786f3110e61e630df3be90e9f4552d5433eed693fdc74a3
SHA1 hash: cf51846576e12165220b718996245ceb678afdf7
MD5 hash: d29404c2b17e03a925c4e5e77257f567
humanhash: winner-single-nine-one
File name:Bulk-New-order.zip
Download: download sample
Signature FormBook
Create hunting rule
File size:503'354 bytes
First seen:2020-05-12 08:35:19 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:4Oui6fxeA7lHI4vwfJngHSq7xIkqFyhOqMNBl25xt+mB3P3Kl:buiaeARI4ilsSq9IkqFgEmxtd3vW
TLSH FAB423871BA7743FB48CCC326D16EE70D96DBF89F652F0252D47A42424BE648068B739
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: host2.pryde-group.com
Sending IP: 72.52.202.42
From: Andy weng <info@kofusaisei.com>
Subject: RE: RE: Argos ECO & ECO Plus Order - PO20/00044-46
Attachment: Bulk-New-order.zip (contains "New-order.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 09:36:46 UTC
File Type:
Binary (Archive)
Extracted files:
20
AV detection:
34 of 48 (70.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=r5jxtwqqc3wgg6ibrzl3fzn5rxbj53bzkw2hpbapk7pu3rf27dua._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 8f5379da1016ec6379018e57b2e5bd8dc29eec3955b477840f57df4dc4baf8e8

(this sample)

FormBook

Executable exe b432eb045c4f7d2e1b305682a2bc4cc784db6da61a9a3e527ed7f8b7de264079

  
Dropping
MD5 c23ed5aa58c1a59ddddae8198108c516
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b432eb045c4f7d2e1b305682a2bc4cc784db6da61a9a3e527ed7f8b7de264079

Comments