MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ce6991893b8b8e472d6a780294a6b1bd5e9b951d92a494acd0ccc4636c1c43d5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook

Vendor detections: 3
SHA256 hash: ce6991893b8b8e472d6a780294a6b1bd5e9b951d92a494acd0ccc4636c1c43d5
SHA3-384 hash: 1085e99f895c033ac89ba3fffef60b655a1a75a53f19a9677bc80b558fe3801b299a1c108db2f92f444125f8366f6e9f
SHA1 hash: f428e6bc82472bc0e9a6f05b148d9bef12e2f34b
MD5 hash: 0f08df1692388bf1aeecd0c4741765fc
humanhash: single-alaska-fifteen-high
File name: Payment Receipt.rar
Signature: FormBook
File size: 286'711 bytes
First seen: 2020-05-07 06:34:58 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:hOnn9uGE6ynvPl+27ZSMXMXgDhGyvY/QHHDoZ8vpmd4hv2Pca8jGcdXbDtJJfg7:hCn9ufdlZdMSeQHHDoapmdpEa3ufC
TLSH: CA54234D9DF67054EAECB8982F05A6186568FEC42E4027F116E5CE93DEC233A93B50CD
Reporter: abuse_ch
Tags: FormBook rar

abuse_ch
Malspam distributing FormBook:

HELO: server.pixeldesigncr.com
Sending IP: 199.168.189.50
From: support@somoselements.com
Subject: Payment Advice
Attachment: Payment Receipt.rar (contains "Payment Receipt.exe")

Intelligence
File Origin
# of uploads: 1
# of downloads: 86
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Formbook
Status: Malicious
First seen: 2020-05-07 06:36:03 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 15 of 31 (48.39%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information
The table below shows additional information about this malware sample such as delivery method and external references.

Delivery chain:
Malspam
  FormBook
    rar ce6991893b8b8e472d6a780294a6b1bd5e9b951d92a494acd0ccc4636c1c43d5 (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment

Comments