MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 923cdb496689db82509ef78fdd3cebaa75e1590475693383570c20457929c3dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 923cdb496689db82509ef78fdd3cebaa75e1590475693383570c20457929c3dd
SHA3-384 hash: 03cfc570d94b65d16a4d0f731b94bf694c3340a4ea0c3a4db5969bb5a41e6333b7c52c16960134cebbad7de06b534c91
SHA1 hash: d2c0f0cd5226c04fc5b60e491f65620341ceeb36
MD5 hash: 55a381cffe215a75123e8f36863ae53d
humanhash: mike-black-ink-kentucky
File name: HSBC Beneficiary Payments Advice.zip
Signature: FormBook
File size: 202'825 bytes
First seen: 2020-06-02 08:20:41 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 3072:W+YwYfgEVsqzmU18WRVSw5Ev5jl5EnlMBhRKvU4fLbx4tOQRZcAGN/jWG0Bs0yT8:W0KVxrWF5jw/z14IQRSA2jWGqaZS
TLSH: B21413CF9F0D538ED187C81A54C4B5A8964D9C00DF9A0C27F07BA479893D72F84BAAD6
Reporter: abuse_ch
Tags: FormBook HSBC zip


abuse_ch
Malspam distributing FormBook:

HELO: smtpauth.net4india.com
Sending IP: 202.71.131.16
From: HSBC BANK PLC<direct-credit@hsbc.com>
Subject: HSBC Beneficiary Payments Advice
Attachment: HSBC Beneficiary Payments Advice.zip (contains "HSBC Beneficiary Payments Advice.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Genkryptik
Status: Malicious
First seen: 2020-06-02 08:36:35 UTC
File Type: Binary (Archive)
Extracted files: 8
AV detection: 24 of 48 (50.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 923cdb496689db82509ef78fdd3cebaa75e1590475693383570c20457929c3dd (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
