MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d51206c43194a395f40499ced788aaf15c8cf2028d4cb0bdc7ab7f7199b3cc06. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 4



SHA256 hash: d51206c43194a395f40499ced788aaf15c8cf2028d4cb0bdc7ab7f7199b3cc06
SHA3-384 hash: 6dc87e78896731d8dc3926a09f114be26410329420f5045fe2587290b675afff0d5c82287c544eae1df913146ce660f5
SHA1 hash: 8ce7339ceb45d8242c6854d60d55604fad779c56
MD5 hash: af3f31115fec70f60acb7d3ca2de53a9
humanhash: music-oklahoma-vermont-mango
File name: Quotation.zip
Signature: FormBook
File size: 206'770 bytes
First seen: 2020-07-20 07:40:59 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 3072:2nwE0Y/kPLOM6PDqz7aXqlhoWgRBl0ZU+KxrLM3nciLvxDM79+fpLgvbDbBIaVyN:bUg6/7qzmXehBuXxrLMbxo4xLSfBIMyN
TLSH: BB14129E196CE27AB8257C5BFF084D839E92E25077A3E05D069D808DD48FD931B147CD
Reporter: abuse_ch
Tags: FormBook, zip


abuse_ch
Malspam distributing FormBook:

HELO: mail.itbiz.gr
Sending IP: 216.55.169.89
From: sm@qcheck-cert.gr
Subject: Quotation and Sample of Products
Attachment: Quotation.zip (contains "Quotation.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-20 07:42:12 UTC
AV detection: 18 of 48 (37.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip d51206c43194a395f40499ced788aaf15c8cf2028d4cb0bdc7ab7f7199b3cc06 (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
