MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c267fd7890fd729592368cf808c21c4d3ae00e0ff064e4aac48ff475ec739539. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: c267fd7890fd729592368cf808c21c4d3ae00e0ff064e4aac48ff475ec739539
SHA1 hash: b8210ffcd3da90bf2056014b303c6dff7bd92782
MD5 hash: 9ba50a2e02f39dbed2f605a3b58a033c
File name: PI02843.doc
Signature: Formbook
File size: 18'484 bytes
First seen: 2020-05-23 12:06:30 UTC
Last seen: Never
File type: Word file doc
MIME type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
ssdeep: 384:/imtnh4LTu1woC78OG5kR7g1pLbzkazvHM17:/Lh8T38NqR81F9Ds17
TLSH: C082AF35D854732FEBB7C23EA1F497E4F06C42029B02B9F75E41BA998710ACF139558A
Reporter: @abuse_ch
Tags: doc FormBook


Twitter
@abuse_ch
Malspam distributing Formbook:

HELO: vps.brightway919.com
Sending IP: 103.233.0.2
From: Brightway Trading Services <inquiry@bujan.com.ar>
Reply-To: sales@brightway919.com
Subject: REMITTANCE REVIEW FOR redacted@threatwave.com
Attachment: PI02843.doc

FormBook payload URL:
http://petrosklad.ru/order/cert.exe

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 29
Origin country: US
ClamAV: SecuriteInfo.com.VBA.BladabindiDldr.1.Gen.4428.7144.UNOFFICIAL
VirusTotal: VirusTotal results 42.19%
ReversingLabs: No data

Yara Signatures


Rule name: SharedStrings
Author: Katie Kleemola
Description: Internal names found in LURK0/CCTV0 samples

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

Word file doc c267fd7890fd729592368cf808c21c4d3ae00e0ff064e4aac48ff475ec739539 (this sample)

Delivery method: Distributed via e-mail attachment
