MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ea8c01b863af915ad3b0e804b6cd1726e34cf5c74dc3060975caa64e9a7c6c16. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ea8c01b863af915ad3b0e804b6cd1726e34cf5c74dc3060975caa64e9a7c6c16
SHA3-384 hash: 2327235c77f41c6d6b600bce6cff0acf245a08e776b10c5bbc7f101facc229d2208a5db4db21f07cddd62a94b9e69a49
SHA1 hash: 0670d78722394c91484e5fec5f401880dc6a79fc
MD5 hash: 05749b1813eaf96025c6ec5884dcde1e
humanhash: table-sierra-burger-snake
File name:Shipping Documents Invoice Packing List PDF.r09
Download: download sample
Signature FormBook
Create hunting rule
File size:241'567 bytes
First seen:2020-07-02 06:55:12 UTC
Last seen:Never
File type: r09
MIME type:application/x-rar
ssdeep 3072:s/UeMuIRPAXg0Yv7/uQU/XDjQSlLHqfIMa0QC26Xu11goLeiERE1rvslS31KnHvh:wxM3P5xYXfZqE0N26s7LrEmrEjAtszsQ
TLSH 6D342263F190B51C66E2FEAD1921D77CD43A8B1432C854D48DAD88EEED21944CDE2BD3
Reporter abuse_ch
Tags:FormBook r09


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: checkpt.com
Sending IP: 103.125.191.31
From: Jasim Uddin <Jasim.Uddin@checkpt.com>
Subject: New Shipment (docs)
Attachment: Shipping Documents Invoice Packing List PDF.r09 (contains "Shipping Documents (Invoice & Packing List) PDF.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
96
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Rogue.0hr.20200703-0811.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ea8c01b863af915ad3b0e804b6cd1726e34cf5c74dc3060975caa64e9a7c6c16/
Threat name:
ByteCode-MSIL.Trojan.Swotter
Create hunting rule
Status:
Malicious
First seen:
2020-07-02 06:57:03 UTC
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5kgadoddv6ivvu5q5aclntixe3ruz5ohjxbqmclvzkte5gt4nqla._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

r09 ea8c01b863af915ad3b0e804b6cd1726e34cf5c74dc3060975caa64e9a7c6c16

(this sample)

FormBook

Executable exe 80fa061deb733b05912954a6e3400de75254f23e5befab4616ff978be37b6f9f

  
Dropping
MD5 2381d2d24865e3aeb269e50ad6f9c880
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 80fa061deb733b05912954a6e3400de75254f23e5befab4616ff978be37b6f9f

Comments