MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a0e0ddd35e515a6cc87a5eb5462c3cbb2b263d5fc33ba3a910b06b4e3f58cddb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a0e0ddd35e515a6cc87a5eb5462c3cbb2b263d5fc33ba3a910b06b4e3f58cddb
SHA3-384 hash: d83258bdbb34859a579849b3f6c61dadb514c511651848b07baea64672a8afd8b861d7619f70ada61c626cd6959a724d
SHA1 hash: c9c28dd9c170edb3576ba2e22de95300bb824b30
MD5 hash: 1dfabc735c938dcd84a4dbb25da8b70c
humanhash: lemon-purple-nitrogen-white
File name:PO 19877.uue
Download: download sample
Signature FormBook
Create hunting rule
File size:387'866 bytes
First seen:2020-06-03 10:54:54 UTC
Last seen:Never
File type: uue
MIME type:application/x-rar
ssdeep 6144:hRH2RxYebXPnfL0d+oAb6EYw4env1tW63UfcSuYacly5jZH+VRQwDeGD5sqaJeHe:hRqxYUXPnf8FEYw4efW6UUSu2lsjZH+4
TLSH 89842398609DE3802D2CAA75BB51B8738DFCE66E112B82744238B037FCE55F9E44BC44
Reporter abuse_ch
Tags:FormBook Outlook uue


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: NAM11-CO1-obe.outbound.protection.outlook.com
Sending IP: 40.92.18.82
From: THE FIRE FIGHTERS <thefire.fighters@hotmail.com>
Subject: PURCHASE ORDER 19877
Attachment: PO 19877.uue (contains "PO 19877.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 11:37:50 UTC
File Type:
Binary (Archive)
Extracted files:
295
AV detection:
20 of 48 (41.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=udqn3u26kfngzsd2l22umlb4xmvsmpk7ym52hkiqwbvu4p2yzxnq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

uue a0e0ddd35e515a6cc87a5eb5462c3cbb2b263d5fc33ba3a910b06b4e3f58cddb

(this sample)

FormBook

Executable exe 30bbf2043054b92e495bbd55f67e43b8eafce430bf31d8aaa4899385e503cdbe

  
Dropping
MD5 56c623aaef953d0c9e12d8dc1db68bf4
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 30bbf2043054b92e495bbd55f67e43b8eafce430bf31d8aaa4899385e503cdbe

Comments