MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d8e0769ada04d3face55959134a7eee5e55ef10f65eedeae65d9218e4371ace4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	d8e0769ada04d3face55959134a7eee5e55ef10f65eedeae65d9218e4371ace4
SHA3-384 hash:	b0806ee070d593dc197f10738847ed73d3e59f6668c69d8a56a29acda56e78319b6b32fe9e5a88faa264cdc071c518ec
SHA1 hash:	61d5bd761f346d04d94e653e51898f1c588d7c4b
MD5 hash:	6e5c8107462ffed31886a7f9491722af
humanhash:	cat-april-sad-jersey
File name:	PO328632.zip
Download:	download sample
Signature	Formbook Create hunting rule
File size:	456'447 bytes
First seen:	2020-06-28 09:13:43 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	12288:qrnlQl/YiYCl//rxQVQhxvEA70XF641Devw9j/xzv9XJ:qrlQlDzp/rSmfEACFH1DeYF1
TLSH	E1A433CFCBC7E1DD385F797E9111F9404C98C49A85027CA9623AB168953FAB411EA8FC
Reporter	abuse_ch
Tags:	FormBook zip

abuse_ch

Malspam distributing Formbook:

HELO: regular1.263xmail.com
Sending IP: 211.150.70.200
From: Leona <admin@yingshitech.com>
Subject: Re:new order
Attachment: PO328632.zip (contains "PO328632.exe")