MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d408cdb967ca86c6486e248306f0bea3bb613c3eea04a18de319331d30f1ee78. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d408cdb967ca86c6486e248306f0bea3bb613c3eea04a18de319331d30f1ee78
SHA3-384 hash: 16e079adcffded28d110e25fa8755e4dbd63ae5ece180f4245d1226c6061fe4077a2b7fba2a67e063986d75ff69b6613
SHA1 hash: 0b81d6ce222b8830fc44b8452cb0bc98dbffe8b8
MD5 hash: d811cfdebdfde7b0bfea8439122ad260
humanhash: finch-jig-bravo-march
File name:book_package__Parcel_Redelivery-785947_doc.rar
Download: download sample
Signature FormBook
Create hunting rule
File size:232'626 bytes
First seen:2020-05-20 07:47:18 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:wYcQSmJxQrMFVMvYb2vEesxgyjlvm3E0tnuHQ2qDHvp:tzYAXMvYbwqx9Z4E492q7p
TLSH 1C34229C1D0BCFBF2EAB111306C19019DEC22C097AFB2771986DD6854A41D7B6DE6A33
Reporter abuse_ch
Tags:DHL FormBook rar


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: 02.680.portnon.com
Sending IP: 66.70.170.55
From: DHL Express <daehan@dhlk.co.kr>
Reply-To: <noreply@dhlexpress.kr>
Subject: Parcel Redelivery 785947 - LEE CHANG JIN
Attachment: book_package__Parcel_Redelivery-785947_doc.rar (contains "book_package_&_Parcel_Redelivery-785947_doc.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-05-20 08:36:57 UTC
File Type:
Binary (Archive)
Extracted files:
8
AV detection:
23 of 48 (47.92%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2qem3olhzkdmmsdoesbqn4f6uo5wcpb65ickddpddezr2mhr5z4a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar d408cdb967ca86c6486e248306f0bea3bb613c3eea04a18de319331d30f1ee78

(this sample)

FormBook

Executable exe 89b0eacda4ef76a8251ca81f72a3ae643ec5da7a6c103c8b558e27a2d9b8f7c5

  
Dropping
MD5 bad86c857ebab969e9aba9604bea27f3
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 89b0eacda4ef76a8251ca81f72a3ae643ec5da7a6c103c8b558e27a2d9b8f7c5

Comments