MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d977ef1ad7c26b975d1dad6884542d4bb9a2815e779f6d34f0fc1ade9093dab8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry: FormBook

Vendor detections: 3

SHA256 hash: d977ef1ad7c26b975d1dad6884542d4bb9a2815e779f6d34f0fc1ade9093dab8
SHA3-384 hash: eddc062e6e64ea07cc281c62f12d5eeb93cdbbf2038878f6610b13664e29f1585c8039eb620da4aacec7a015adb5c73b
SHA1 hash: 1f5cd10e1fb869f2f5dffbf08dea2c137953c8b5
MD5 hash: eb3cf1c8fdd3038b73124fff20f34509
humanhash: potato-diet-lake-oven
File name: 168768566-104646-sdfnt5-8.gz
Signature: FormBook
File size: 269'709 bytes
First seen: 2020-06-12 08:14:13 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 6144:mloTlwMj748xHv+Pv6DwVdUOcMLwmWMKXVOOhgj9A8bGZYPVF:UoRw8s8dv+36EVdU+4hM3hA+PVF
TLSH: BF44233C32DA39BB6548207BF73CB0B2299A2C970FC9C4EA92C5D5593E1677453A9C48
Reporter: abuse_ch
Tags: ESP FormBook geo gz Santander


abuse_ch
Malspam distributing FormBook:

HELO: slot0.iklea-res.com
Sending IP: 45.95.169.45
From: Factoring y Confirming - Grupo Santander <fycuot@gruposantander.com>
Subject: Confirming - Aviso de pago
Attachment: 168768566-104646-sdfnt5-8.gz (contains "168768566-104646-sdfnt5-8.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-12 08:16:08 UTC
AV detection: 34 of 48 (70.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: FormBook
Sample: gz d977ef1ad7c26b975d1dad6884542d4bb9a2815e779f6d34f0fc1ade9093dab8 (this sample)
Dropping: FormBook
Delivery method: Distributed via e-mail attachment
