MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ae378431fd06aa5828fa44b2ad0c771e4974c42692a150411aa199f01ea2366b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	ae378431fd06aa5828fa44b2ad0c771e4974c42692a150411aa199f01ea2366b
SHA3-384 hash:	ed6016d23e9fe6c6a54661317ec23f253ee644f759ef03bca90b715b2a8daf6b9a08df90e27743fe047804e1e75a8e83
SHA1 hash:	7d8b3aeeb9402380a77cdfbbd8b1b72520ebd192
MD5 hash:	89080e7c49a05dd6dfe3e62d76f5ee2b
humanhash:	charlie-vermont-yellow-diet
File name:	15012021567.cab
Download:	download sample
Signature	Formbook Create hunting rule
File size:	523'010 bytes
First seen:	2021-01-15 07:15:23 UTC
Last seen:	Never
File type:	cab
MIME type:	application/vnd.ms-cab-compressed
ssdeep	12288:QytKa2RsW/Nu+rixdZu/TrK2puHH4LlcpaBg/eRNS:QyttsuhxdCfK2wHYupaTRNS
TLSH	7DB423429FF2225C9EA5871D408061D40FEE1CAA316FEEDC388C9989E2DF46334B597D
Reporter	abuse_ch
Tags:	cab FormBook geo KOR

abuse_ch

Malspam distributing Formbook:

HELO: mail-smail-vm51.hanmail.net
Sending IP: 203.133.180.239
From: 빈둥지 <byoungsmin1369@hanmail.net>
Subject: 견적 요청 /RFQ-15012021543 Order
Attachment: 15012021567.cab (contains "15012021567.exe")