MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a80f0dc7d78c856762061e22220dfe00573b8fa65eea987efe3dc8f7433b15bf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: a80f0dc7d78c856762061e22220dfe00573b8fa65eea987efe3dc8f7433b15bf
SHA3-384 hash: bb4bac8bb157c7db9e0d90d0b65e3cd61f3426bc725c36bc64ba72bcab71414e4df262642395091b9dde51f79210d6c7
SHA1 hash: 171f6d5d9bc82351fa672e107b40aa902e660109
MD5 hash: 0f1836a97f8fd8b15987266f6a59cdbc
humanhash: steak-michigan-blossom-cup
File name: Quotation.zip
Signature: FormBook
File size: 207'842 bytes
First seen: 2020-07-10 07:03:12 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:yjFyowPwD3noujl/p0LOJ/BKlVZEZWlNEAl:yhnwP03ZjtGL6BcVlNEAl
TLSH: 691423D1A9400AEB3C66B1B8578BF9C6DA73F13049DDA4D3AE2F21C2D848C8FE547155
Reporter: abuse_ch
Tags: FormBook, zip


abuse_ch
Malspam distributing FormBook:

HELO: server.kaktus.website
Sending IP: 89.43.28.146
From: Christopher <christopher@oicgulf.ae>
Subject: Quotation and Sample of Products
Attachment: Quotation.zip (contains "Quotation.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-10 07:05:06 UTC
AV detection: 15 of 48 (31.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
FormBook
zip a80f0dc7d78c856762061e22220dfe00573b8fa65eea987efe3dc8f7433b15bf (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
