MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9374c211fc924cac59bacbe5a688f3a25f740cb324d58b239da0c070b7393749. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 9374c211fc924cac59bacbe5a688f3a25f740cb324d58b239da0c070b7393749
SHA1 hash: 29c773b71fff8c23cd2b85d3ceed990b7f3b9404
MD5 hash: 1c3d2dae318e1747e77626592a53186d
File name: DHL293413110038.exe
Signature: FormBook
File size: 393'216 bytes
First seen: 2020-05-22 13:43:44 UTC
Last seen: 2020-05-22 15:01:51 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 6144:TDOQxwqyqhp2/Q4xKO1ktqThKT5D0ISq/AXK6eew3Fs8wQqI8LVZWr50bzV:HOSwqyqhpqQEKO1aqThOJSqKsew3m8ml
TLSH: 1C849D2423CC8557CAADC5B7C0D2590343E8E46E098FA78ADCD9A1EA7F573B3D842587
Reporter: @abuse_ch
Tags: DHL exe FormBook


Twitter
@abuse_ch
Malspam distributing FormBook:

HELO: smtp109.iad3a.emailsrvr.com
Sending IP: 173.203.187.109
From: DHL <abiola@fastandfriendlyrx.com>
Subject: DHL Pickup Confirmation DHL293413110038
Attachment: DHL293413110038.IMG (contains "DHL293413110038.exe")

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 2
# of downloads: 31
Origin country: US
ClamAV: SecuriteInfo.com.Trojan.Siggen9.48128.28574.9755.UNOFFICIAL
VirusTotal: VirusTotal results 33.33%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

Executable exe 9374c211fc924cac59bacbe5a688f3a25f740cb324d58b239da0c070b7393749 (this sample)

Delivery method: Distributed via e-mail attachment
