MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df52c1042c3bf7ca6f13e76b04ab8f82f8aa70ac9fd131545794fa5631e08a3a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: df52c1042c3bf7ca6f13e76b04ab8f82f8aa70ac9fd131545794fa5631e08a3a
SHA1 hash: 4eabee72fa19ab502adcf091420831b8a85dde00
MD5 hash: 3b6f119ea9ce245786f44201e62cc7e9
File name: Payment Notification.pdf.zip
Signature: Formbook
File size: 238'929 bytes
First seen: 2020-05-22 14:10:58 UTC
Last seen: 2020-05-22 20:34:07 UTC
File type: zip
MIME type: application/zip
ssdeep: 6144:pqV7sW0GzsTDamEv92ReiwbHmvMW6W7//iS:QeEsTubvNiymkWx/P
TLSH: 443423051F3428E5CDB65CAE860D06A7A8D8FE4C4FD43E23979235B421636C7A1E5EB8
Reporter: @abuse_ch
Tags: FormBook, zip


Twitter
@abuse_ch
Malspam distributing Formbook:

HELO: srv.polarbearcreative.com
Sending IP: 77.235.58.77
From: <noreply@fnb.co.za>
Subject: Payment Notification
Attachment: Payment Notification.pdf.zip (contains "Payment Notification.pdf.exe")

Intelligence


Mail intelligence
Trap location: Global
Impact: High
# of uploads: 2
# of downloads: 23
Origin country: US
ClamAV:
  PUA.Win.Downloader.Aiis-6803892-0
  Sanesecurity.Malware.25518.ZipHeur.Ext.UNOFFICIAL
VirusTotal results: 29.69%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip df52c1042c3bf7ca6f13e76b04ab8f82f8aa70ac9fd131545794fa5631e08a3a (this sample)

Dropping: Formbook
Delivery method: Distributed via e-mail attachment
