MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d4d2c82cdc75f723e08d6139593a5a651e75e74b885acf480fe41c239d99e548. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: FormBook
Vendor detections: 5

SHA256 hash: d4d2c82cdc75f723e08d6139593a5a651e75e74b885acf480fe41c239d99e548
SHA3-384 hash: 454fec8b0fce6bc8e66c252e9a860d536cd8f98c34ac0123618a6e34c82f2653087969a6f7a0af6c9804250f5d7e4755
SHA1 hash: 772623d94be6d130ae9bb0597c47c3875406401c
MD5 hash: cf579f5d8318b9c2ca764d482388b512
humanhash: november-jersey-montana-louisiana
File name: PI.exe
Signature: FormBook
File size: 77'824 bytes
First seen: 2020-04-29 17:12:10 UTC
Last seen: 2020-04-29 18:12:32 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 56c337f4292e0967ac82cfc53704f796 (1 x FormBook)
ssdeep: 768:qy65gOrfRDRBFJ7gHTn0c0cGhFOhG7DB049OwyNfMhfL6:zOvB37oArLOWRY5NfX
Threatray: 5'103 similar samples on MalwareBazaar
TLSH: 24735C1370A9D6BDE7114AF04F25EF9801C2ACB40E558E1F3405F7AE2A39E41AF166E6
Reporter: @abuse_ch
Tags: exe FormBook


Twitter (@abuse_ch)
Malspam distributing FormBook:

HELO: gateway34.websitewelcome.com
Sending IP: 192.185.148.142
From: cr7@refineryhouse.com
Subject: PI2020178B chacha new york -balance
Attachment: PI.rar (contains "PI.exe")

Intelligence

File Origin
# of uploads: 2
# of downloads: 86
Origin country: US

Mail intelligence
Geo location: Global
Volume: Low

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-04-29 17:35:40 UTC
AV detection: 20 of 31 (64.52%)
Threat level: 2/5

File information

The table below shows additional information about this malware sample, such as its delivery method and external references.

Dropped by: MD5 f63bf174b9c3d3187ae4588e05dec07b
This sample: Executable exe d4d2c82cdc75f723e08d6139593a5a651e75e74b885acf480fe41c239d99e548 (FormBook)
Delivery method: Distributed via e-mail attachment

Comments