MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c8d006c17bb6bbd1504420c3732fe8d17a9d356c81b9a969d860de4e04e8d231. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 4



SHA256 hash: c8d006c17bb6bbd1504420c3732fe8d17a9d356c81b9a969d860de4e04e8d231
SHA3-384 hash: 7ed2ca5faec795650a7de456418ab6319f2791fda64b408790ed796bfe3440f842826d295eff95b58401a5da74a4b4c6
SHA1 hash: cbb5764162591b5b48339af673d4f2b39125430e
MD5 hash: 4c8378206e43cf170be6953724fa496f
humanhash: leopard-montana-fish-coffee
File name: Purchase Order.zip
Signature: FormBook
File size: 210'697 bytes
First seen: 2020-07-22 06:39:54 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep 6144:lA8MCJpDgyU32U9LcMqzLGrKdOVvkVFVW8hg:lAY7Ev39ATGrKdOVsVLhg
TLSH 37241388DB6B6B8AEAF8A3F3124057A4C13F540529ED415F716BE75C0A06CA37D8D70A
Reporter: abuse_ch
Tags: FormBook zip


abuse_ch
Malspam distributing FormBook:

HELO: mail.DSPROMEDIA.COM
Sending IP: 91.151.85.120
From: Fulcrum Maritime Systems Ltd <accounts@fulcrum-maritime.com>
Subject: Purchase Order
Attachment: Purchase Order.zip (contains "Purchase Order.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-22 06:41:06 UTC
AV detection: 17 of 48 (35.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip c8d006c17bb6bbd1504420c3732fe8d17a9d356c81b9a969d860de4e04e8d231 (this sample)
Dropping: FormBook
Delivery method: Distributed via e-mail attachment

Comments