MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f640fe7dfd8b146f1910784bdd0181dc38d266472b737caf7028c1a15c83eea7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: f640fe7dfd8b146f1910784bdd0181dc38d266472b737caf7028c1a15c83eea7
SHA3-384 hash: 0bc7955bd9df7e738e9e74acc4b928e7c1c4c0a7db89afa01abf95f31f619b7771c14659f031d50bea8e439d4e6486f6
SHA1 hash: 992d47680fec7541821e72fdde53e4498772353c
MD5 hash: 6ba4c029b2dcba0db9f71a61edd634df
humanhash: east-robin-equal-pennsylvania
File name: Details.zip
Signature: FormBook
File size: 365'717 bytes
First seen: 2020-07-05 07:49:16 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:oyYjUe1qH3K/jPjtGZbzjtgSM5bRMrcITX9tMDx+kheS34P7PNIVHctrzRcDpPsG:yUesHW4zJgSk+9ODF3izNKEvRcK10
TLSH: 177422778C5BEA5CF519C2B229BEB212CD868FB1091BF01D20EF06D9944DE4DD709B0A
Reporter: abuse_ch
Tags: FormBook zip


abuse_ch
Malspam distributing FormBook:

HELO: WIN-EJCFGSELCJO.home
Sending IP: 185.4.30.96
From: INFO@BANKBOURSE.COM <info@technicalshop.ir>
Subject: FW: URGENT REQUEST
Attachment: Details.zip (contains "Svumhmp.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 91
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-05 07:51:03 UTC
AV detection: 30 of 48 (62.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip f640fe7dfd8b146f1910784bdd0181dc38d266472b737caf7028c1a15c83eea7 (this sample)

  
Dropping: FormBook
Delivery method: Distributed via e-mail attachment
