MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dae9d038671e36fbc50176eecf314a52c4f8c9216cf052efd0e6bd1df4a8b855. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: dae9d038671e36fbc50176eecf314a52c4f8c9216cf052efd0e6bd1df4a8b855
SHA3-384 hash: 7bb84b6467f75d132f6e2aef0bb3c13e01d994e336fa1ba6c9952ac483d6de8978c5706213c9c240bf2fc0d87390bb3e
SHA1 hash: b537d8eadff7c8496a62c90333baed241370cad2
MD5 hash: 6e431830851895da6bda35452718bb1f
humanhash: kansas-robert-william-coffee
File name: Payment Slip.rar
Signature: FormBook
File size: 202'711 bytes
First seen: 2020-05-04 17:49:58 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:zDgsmjOuxgbfkQ2C6jjR7w/F2N3cba2MHEhDdd:zssOckVRiakpdd
TLSH: 1A1413B366509234E2CAAF10FE554E75B6DC88FB8DAD80A197074C5C2E36CD862CEDD4
Reporter: abuse_ch
Tags: FormBook, rar


abuse_ch
Malspam distributing FormBook:

HELO: KUSANAGI-test-yanagiya.localdomain
Sending IP: 210.140.152.115
From: Per Te Corporation <support@baremetal.link>
Subject: Payment Advise
Attachment: Payment Slip.rar (contains "Payment Slip.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 88
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Formbook
Status: Malicious
First seen: 2020-05-04 18:36:09 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 19 of 31 (61.29%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar dae9d038671e36fbc50176eecf314a52c4f8c9216cf052efd0e6bd1df4a8b855 (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
