MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a6983b5552319be503561517a77eb3185b08a37b3835baa6360cc2f491aa26bf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 2

Intelligence 2 IOCs YARA File information Comments

SHA256 hash:	a6983b5552319be503561517a77eb3185b08a37b3835baa6360cc2f491aa26bf
SHA3-384 hash:	ff6da3bbbd88e01a473cf841ccba2fd1194db4e69153bb3f9207274f0be49e95772d3f6ff8fbd8d5a94631efbb64318c
SHA1 hash:	6fe4b8ce73de41a864f0436bd765f45166fbeb2e
MD5 hash:	9da0873d08139e333944ea36a1397de3
humanhash:	fourteen-charlie-nevada-pennsylvania
File name:	HS361 dt 26.10.20.zip
Download:	download sample
Signature	Formbook Create hunting rule
File size:	388'375 bytes
First seen:	2020-10-26 14:09:34 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	6144:9r+S7jdTZ4rjHxG/m/OdnGr6UveIn3Haxn6lFmAv1/d/B7cuSP01JkRDtu5:V+O/4rjRGeOtC6UveIqR8X/d1cpuwDtu
TLSH	128423A1B007C91D6911E86E1E2CE40D0052292067BCB32BA2573F577D1F9DB9FE5BC6
Reporter	abuse_ch
Tags:	FormBook zip

abuse_ch

Malspam distributing Formbook:

HELO: jupiter.flywan.net
Sending IP: 179.50.4.12
From: G Joseph <support@qbasica.com>
Subject: FW: Freight Invoice - TRUE LOGISTICS [P] LTD
Attachment: HS361 dt 26.10.20.zip (contains "HS361 dt 26.10.20.exe")