MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aa007effecd7fac4a70c20b8ddbd206abe525f130f957c3e50e518e6c1cc09f5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aa007effecd7fac4a70c20b8ddbd206abe525f130f957c3e50e518e6c1cc09f5
SHA3-384 hash: 456248a8d4978365838c7bb593776c90f6348e48a9f8f45c7f4e00b3ca6a06f00f931c4c45b12cc23d3854fb1014d1d2
SHA1 hash: e1c950597d2f8b0845adf4a31d613b2fa5801bd0
MD5 hash: 7da18f27f8aa1f96c571b32e76d099d8
humanhash: cup-bluebird-leopard-robert
File name:Image 200319USD48742,55.pdf.r00
Download: download sample
Signature FormBook
Create hunting rule
File size:261'114 bytes
First seen:2020-03-31 19:23:48 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 6144:mipEpRbI3RwbVWv0LEHgUGSNm46WKqQ/oMjpUiShxQ6Mvl:mipEpRIhwbRLEgSmNXqUjpjShdMd
TLSH 2F44120EBF478608BB3CA4A96A1D0441529F85EDA1B3A931C5C21373D47FEB64B477A3
Reporter abuse_ch
Tags:FormBook r00


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: dvelectronics.com
Sending IP: 45.143.222.160
From: Fabio Hoffmann <f.hoffmann@dvelectronics.com>
Subject: RE:RE:RE:BALANCE PAYMENT
Attachment: Image 200319USD48742,55.pdf.r00 (contains "Image 200319USD48742,55.pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Occamy
Create hunting rule
Status:
Malicious
First seen:
2020-03-31 16:51:32 UTC
File Type:
Binary (Archive)
Extracted files:
8
AV detection:
18 of 31 (58.06%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=viah577m275mjjymec4n3pjank7fexytb6kxypsq4umonqombh2q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

r00 aa007effecd7fac4a70c20b8ddbd206abe525f130f957c3e50e518e6c1cc09f5

(this sample)

FormBook

Executable exe 730fd544eac15f337f3d2acfd6473f2ab1d8037da100855ca93cdc88f9edf681

  
Dropping
MD5 38dda800ed7fda9858cdba1b250bfe22
  
Dropping
SHA256 730fd544eac15f337f3d2acfd6473f2ab1d8037da100855ca93cdc88f9edf681
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 730fd544eac15f337f3d2acfd6473f2ab1d8037da100855ca93cdc88f9edf681

Comments