MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ba28008f5d3190554fd0ddc0c8f22a776a699086af55514eb738f04dc1a8b07d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 2

Intelligence 2 IOCs YARA File information Comments

SHA256 hash:	ba28008f5d3190554fd0ddc0c8f22a776a699086af55514eb738f04dc1a8b07d
SHA3-384 hash:	a6df5b00acede0331deba66eba1b785eaabe2d11bc04cd9e0cf79bad518a9a3d681f2647fd354276418eb925d3096dc5
SHA1 hash:	97c96461b6135d577b9372eba3f4ae03530c2935
MD5 hash:	da9a526b67b4928b0680e49127879c8f
humanhash:	purple-uncle-virginia-music
File name:	SHIPPING INVOICEpdf.z
Download:	download sample
Signature	Formbook Create hunting rule
File size:	422'509 bytes
First seen:	2021-01-04 08:31:55 UTC
Last seen:	Never
File type:	z
MIME type:	application/x-rar
ssdeep	6144:7lGx+z4mPf1nrM4V2ZjexqiMjOiXAiqE5QIcdXtXi9MFd8+3YWF5dF427bSNcwQw:JmE4mPL4iMNXgXtPFq+3YQ4sKQl5ixb
TLSH	FB9423787E2427D0A767AFDB3B5348FE045A9592B7F1D9D2A4E6AC34D93032050F2C62
Reporter	cocaman
Tags:	FormBook z

cocaman

Malicious email (T1566.001)
From: "dhl express<Accountant@elcon-in.com>" (likely spoofed)
Received: "from elcon-in.com (unknown [185.222.57.189]) "
Date: "4 Jan 2021 08:29:57 -0800"
Subject: "DHL BILL OF LADING SHIPPING INVOICE DOCUMENTS"
Attachment: "SHIPPING INVOICEpdf.z"