MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f54b8714e404d97f3bcb5dfdf75f7c961bb6a01def5fdd75060b57476fe0acfb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook
Vendor detections: 3


SHA256 hash: f54b8714e404d97f3bcb5dfdf75f7c961bb6a01def5fdd75060b57476fe0acfb
SHA3-384 hash: e086e2b343fcc7ab14bc5c4263977e86ac3b22f5eef125eddf93102b180a03667ca20595f00937e78a71c3abd419e311
SHA1 hash: dbbb3ed858bf3313a624a8d6134d440730dae5b4
MD5 hash: a3f9f9c0a6827ebe04195411754f0a70
humanhash: johnny-batman-arizona-sierra
File name: Company Statement.z
Signature: FormBook
File size: 25'465 bytes
First seen: 2020-04-01 14:05:49 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 768:M6AbL4mIF3fZTFFvVlSmNvHAU61YNGQZhHB:M6AomIF3xTFVV61YNJhh
TLSH: 0DB2E1039798E7EF80ECB6ECB099FC07594552F96554EACD240B84D1A35B0FCA10FD45
Reporter: abuse_ch
Tags: COVID-19 GuLoader z


abuse_ch
COVID-19 themed malspam distributing GuLoader->FormBook:

HELO: novo.com
Sending IP: 89.38.149.103
From: Jake Johnson <Jake@pmj-interational.com>
Subject: COVID-19 Company Statement
Attachment: Company Statement.z (contains "Company Statement.exe")

GuLoader payload URL (FormBook):
https://drive.google.com/uc?export=download&id=1UrSVYWQVD5e0ZzOppGXUWH6fw6rygt9h

Intelligence

File Origin
# of uploads: 1
# of downloads: 78
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Noon
Status: Malicious
First seen: 2020-04-01 14:35:32 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 14 of 47 (29.79%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropping
GuLoader
  
Delivery method
Distributed via e-mail attachment