MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9b08add787ee884a3e2a0953cc6447fe394a544971aa17746275d2aa5e13690f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 9b08add787ee884a3e2a0953cc6447fe394a544971aa17746275d2aa5e13690f
SHA3-384 hash: f1d1b2f6587d1d49d0f531d9e6e908ab806a0309ad5adfad36306284f97a0200e3e680e4b1b25154a3cd991046c66e17
SHA1 hash: 487a327510caed634937e8a18547418c5914dda3
MD5 hash: e9a020d57c46ccacf00d1c7537d5345b
humanhash: fanta-hotel-summer-fillet
File name: Alpha 7763826639.zip
Signature: FormBook
File size: 431'253 bytes
First seen: 2020-06-17 06:01:54 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:z2n8HRzrzV9CEuA8Vere2afXe2AVs18/Sm3Spyr9E43En+r3YWEk5hyNcPhdL:LVF9CfKuASbyr9E039EykqL
TLSH: D39423B70F3826F0767064800D6A2F9B935F916F2DA729D500697417097F8BA37CB8C9
Reporter: abuse_ch
Tags: FormBook zip


abuse_ch
Malspam distributing FormBook:

HELO: vps.sandrovicari.cc
Sending IP: 45.95.169.67
From: Anita Zhang <zxfjo@foxmail.com>
Reply-To: Anita Zhang <info@sandrovicari.cc>
Subject: Alpha Kg Company LLC.
Attachment: Alpha 7763826639.zip (contains "Alpha 7763826639.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-17 06:03:10 UTC
AV detection: 30 of 48 (62.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
FormBook
zip 9b08add787ee884a3e2a0953cc6447fe394a544971aa17746275d2aa5e13690f (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
