MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e4d2c7462fe52eac23f88b482194083439cf69d48be74b3514ea804be68fff7e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: e4d2c7462fe52eac23f88b482194083439cf69d48be74b3514ea804be68fff7e
SHA3-384 hash: ba0cb045fe78243409a5f6b5828e759aed13fd8ea2fb12fb10b420cac36a75441cd7179d0839e1b3fefcaa4445cf7a98
SHA1 hash: 6ac0286e10afa9a43e029ebbba98295941829fbd
MD5 hash: ca6079299759a32eb07836b21005a3db
humanhash: zulu-monkey-happy-texas
File name: Payment transfer.zip
Signature: FormBook
File size: 307'395 bytes
First seen: 2020-05-06 09:59:45 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:Kff9ryMK+VKUCUFRLLA//bpuPLFlmdyZMpelNBIpr2HS0eP7t5e9eLj7AV:KffE7PGL2/FuhlsyZ62BIpuuP7TnM
TLSH: 9964234075261DE5FBBE42B3DA3A40BF495C58114F998B2D70BD69FAF890F24E864434
Reporter: abuse_ch
Tags: FormBook, zip


abuse_ch
Malspam distributing FormBook:

HELO: sellerbulknewsservice.live
Sending IP: 156.96.60.137
From: sales@sellerbulknewsservice.live
Subject: Receipt
Attachment: Payment transfer.zip (contains "Payment transfer.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Frs
Status: Malicious
First seen: 2020-05-06 10:37:06 UTC
File Type: Binary (Archive)
Extracted files: 6
AV detection: 22 of 31 (70.97%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip e4d2c7462fe52eac23f88b482194083439cf69d48be74b3514ea804be68fff7e (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
