MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ccfcd14ec3a78c1aa106784cc34728e64e15606907863cec22bacace87c0399b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ccfcd14ec3a78c1aa106784cc34728e64e15606907863cec22bacace87c0399b
SHA3-384 hash: 0d3f7b97ce67c348a3bcd72b4c5943534f4b5bb6d7cae15d9d9639795050d97026ecf7e59d51a7f39f87ca277956b45d
SHA1 hash: 90b48859c9e83db6df9d2e0e9157224f283e34f6
MD5 hash: 3a104aaf71428af9f43859dc55302621
humanhash: high-tango-alaska-lima
File name:Proposal_No-2020-07-02.zip
Download: download sample
Signature FormBook
Create hunting rule
File size:429'724 bytes
First seen:2020-07-02 06:35:18 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:lHw2X41Da+oA4HNZWGMcNqF4+flxz4hYFVsGspH:lHU1Da+fiNZVSDzkYF4h
TLSH 259423C4E45FF187898B9B7A8FAF69A134F3150E5737015948C22BFE389A1768F5C128
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: mail-smail-vm37.hanmail.net
Sending IP: 203.133.180.225
From: 동탄 <sj45974@hanmail.net>
Subject: 발주서 - (주) 한화
Attachment: Proposal_No-2020-07-02.zip (contains "Proposal_No-2020-07-02.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Fareit-6863179-0
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ccfcd14ec3a78c1aa106784cc34728e64e15606907863cec22bacace87c0399b/
Threat name:
Win32.Trojan.LokiBot
Create hunting rule
Status:
Malicious
First seen:
2020-07-02 06:37:06 UTC
AV detection:
22 of 48 (45.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zt6nctwdu6gbviigpbgmgrzi4zhbkydja6ddz3bcxlfm5b6ahgnq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip ccfcd14ec3a78c1aa106784cc34728e64e15606907863cec22bacace87c0399b

(this sample)

FormBook

Executable exe 5f6ecbe9757644eb46ceaef0b9e8354e63bab83b29bf47f4812c84beb08acb4f

  
Dropping
MD5 626564c30ff0af029d4da4ed3c6b073e
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5f6ecbe9757644eb46ceaef0b9e8354e63bab83b29bf47f4812c84beb08acb4f

Comments