MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d0caec655f6fc217987411ba4c2a7df06466785fa4cec21aa526788206f57a16. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: d0caec655f6fc217987411ba4c2a7df06466785fa4cec21aa526788206f57a16
SHA3-384 hash: ff714bd0c0af2aadb33d5603afa4a05c345856a6ca61ff62fe103cad90b4b516e04716cd0c99d4f39b72f67781965e8d
SHA1 hash: 5e12c79e4d0b3b155741811817c06af3d234fa42
MD5 hash: bbecff529d6bb493c1dde04e9deba46e
humanhash: lamp-paris-nebraska-undress
File name: Shipment Document BL,INV and Packing list Attached.zip
Signature: FormBook
File size: 292'273 bytes
First seen: 2020-06-30 01:46:38 UTC
Last seen: 2020-06-30 02:49:57 UTC
File type: zip
MIME type: application/zip
ssdeep: 6144:niDR+pGg0nSoCl0NKmuW75RFwz9jRj6SlctfaDTHYNlxPvEqCWYtX32:ituG5RFwz99jrlYin4N3kFWeW
TLSH: 085423D596B66E289C9E8B51FCC27BCC42618EF15840240BFC458E9EA75F4E70C2686C
Reporter: @jarumlus
Tags: FormBook

Intelligence


File Origin
# of uploads: 2
# of downloads: 33
Origin country: FR

Mail intelligence
Geo location: CH Switzerland
Volume: Low
Geo location: Global
Volume: High

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Spyware.FormBook
Status: Malicious
First seen: 2020-06-30 01:48:06 UTC
AV detection: 22 of 31 (70.97%)
Threat level: 2/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip d0caec655f6fc217987411ba4c2a7df06466785fa4cec21aa526788206f57a16 (this sample)

Dropped by: FormBook
Delivery method: Distributed via e-mail attachment

Comments