MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eaf586e901cebf18a97993cd064259a714d3d952d3250b502908f84905d8d649. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: eaf586e901cebf18a97993cd064259a714d3d952d3250b502908f84905d8d649
SHA3-384 hash: cd501d64a35ba17ee12e0e5116810bc2778c97cbf6e5b5a4cca98544cf5855759194a51147ffc9e93fd41db978c3c4c5
SHA1 hash: 4e8d5755d6a0b3727fcc60de39054c47985986a3
MD5 hash: ddee10f24c19eaad27faafa9e8f2937f
humanhash: blue-don-triple-spring
File name: Profile certification.7z
Signature: Formbook
File size: 611'835 bytes
First seen: 2020-10-21 07:54:41 UTC
Last seen: Never
File type: 7z
MIME type: application/x-rar
ssdeep: 12288:CoAi0wma5TzD+n0G6y6828eb1Qewm8dAkKxDGSJUX:sihmalWn0G6h8aqldWRGSi
TLSH: 35D423FFA12A24AF39AF107C244D4E1926F197C9C61B00197CED76E0FC6605BA584F9E
Reporter: abuse_ch
Tags: 7z DHL FormBook


abuse_ch
Malspam distributing Formbook:

HELO: mail0.grandair.xyz
Sending IP: 143.110.228.46
From: DHL <no-reply@dhl.co>
Subject: Re:Re: D.H.L Parcel Notification
Attachment: Profile certification.7z (contains "Profile & certification.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 85
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2020-10-20 18:17:05 UTC
AV detection: 5 of 48 (10.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Formbook
7z eaf586e901cebf18a97993cd064259a714d3d952d3250b502908f84905d8d649 (this sample)
Dropping: Formbook
Delivery method: Distributed via e-mail attachment
