MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ca63509f3fa2b86a46574f37e39abab710b2dd55e1ec0b361724b3263336c2d6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ca63509f3fa2b86a46574f37e39abab710b2dd55e1ec0b361724b3263336c2d6
SHA3-384 hash: df2e4ff10d369b0022e53717e9551a42ce6697852c77c53d7ce3e768c5c7a2d2333150e9ca1696361a2881cb4e71a5eb
SHA1 hash: 64aa4910bc39accf154359d2141ec996567ea79c
MD5 hash: 79dfcf5a500d4d8e0e0ac40a0abcb7da
humanhash: cold-butter-bravo-quiet
File name:SALARY-RECEIPT.zip
Download: download sample
Signature Formbook
Create hunting rule
File size:471'498 bytes
First seen:2020-10-20 08:33:39 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:wIVlqwv2aPARREJz8eNV2/4mqJphRExGMzGlF:rqPaIRRiz8eNVyDqJSxGcGlF
TLSH 93A4234212452B97CB60763D1EFD886E5321CE64EBB48C33D6131B19EB062359DAF772
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: server.blakecorporations.com
Sending IP: 199.250.204.180
From: HUMAN RESOURCES OFFICE <HR-Manager@victim-domain>
Subject: YOUR EMPLOYMENT STATUS
Attachment: SALARY-RECEIPT.zip (contains "SALARY-RECEIPT.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ca63509f3fa2b86a46574f37e39abab710b2dd55e1ec0b361724b3263336c2d6/
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zjrvbhz7uk4gursxj436hgv2w4ilfxkv4hwawnqxeszsmmzwylla._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ca63509f3fa2b86a46574f37e39abab710b2dd55e1ec0b361724b3263336c2d6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip ca63509f3fa2b86a46574f37e39abab710b2dd55e1ec0b361724b3263336c2d6

(this sample)

Formbook

Executable exe dc3430242fe7ae5d1d1f7716fdefab05c10867ef7f6c66b2323bc20671a1b206

  
Dropping
MD5 bffff64f334a947da09d31a557492d42
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 dc3430242fe7ae5d1d1f7716fdefab05c10867ef7f6c66b2323bc20671a1b206

Comments