MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b727f595c48e270b298dbdda32fb8caeab87959bc141e8ac18f640701cde283a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 2



SHA256 hash: b727f595c48e270b298dbdda32fb8caeab87959bc141e8ac18f640701cde283a
SHA3-384 hash: f9177c05e81d1302e0e3b0387cfa8a7b87cfae81355bef297ec03518d30c3ee6eb6fc9699bdd01f6243fe6dce9282232
SHA1 hash: 08396b2a811c3ddf73bbf4b828f09d950add9562
MD5 hash: 3894c227ceef3b4d9fb32744b97f394a
humanhash: music-cola-undress-autumn
File name: SWIFT SUPPLAGR SPS-KHARKOV NO329535.PDF.z
Signature: FormBook
File size: 270'162 bytes
First seen: 2020-05-21 10:38:26 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 6144:d3IDB6tfdSCHB7ilYxYd8ElgKH9tDWc4FZ9lo:OV6tfdSW7iBKEbHzA8
TLSH: C5442310351C0F9B602E2752E4E52FBC46EF75F2EB148CD104F9A18EE90EC26E95B8D9
Reporter: abuse_ch
Tags: FormBook z


abuse_ch
Malspam distributing FormBook:

HELO: server.andalanfluids.com
Sending IP: 180.235.150.93
From: Andrea Grande - S.r.l. <larry@mkcapitalsolutions.com>
Subject: RV: 1st Quarter payment by RRBL released on 21/5/20
Attachment: SWIFT SUPPLAGR SPS-KHARKOV NO329535.PDF.z (contains "SWIFT SUPPLAGR SPS-KHARKOV NO329535.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 77
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Bsymem
Status: Malicious
First seen: 2020-05-21 09:18:38 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 16 of 30 (53.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

z b727f595c48e270b298dbdda32fb8caeab87959bc141e8ac18f640701cde283a (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment

Comments