MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1d194485c76f5f8488c7dc70cf54f2a12aff37087c6168e981966fd4f7ff00c6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1d194485c76f5f8488c7dc70cf54f2a12aff37087c6168e981966fd4f7ff00c6
SHA3-384 hash: f55d18e8c3f013dbd64040723a82e8aa0ca21edd2590e7a7fb925284afd1f706d8e82f90ee35c9d508407c807e4e7b9a
SHA1 hash: be46c44754e266915209d0f17393b132c744c5a1
MD5 hash: 82f22500e4e5df796f483b89c20e0e16
humanhash: queen-comet-lamp-illinois
File name:Orders.rar
Download: download sample
Signature Formbook
Create hunting rule
File size:265'368 bytes
First seen:2020-06-08 07:34:34 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:YXVI6bDHnayEoc/ZKgB4bqQHmj/5wZnTcgFFY9ZEGg:GVZbfNcBKgcqThQTvFF7J
TLSH C94423CBDFCEC014DDA87F089F9C2D15F210673F562C6662B1E898D9C73A50E038A619
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: moon.vivawebhost.com
Sending IP: 78.128.60.41
From: Kerry Leung <sales@ctgbrands.com>
Reply-To: coolskyho@gmail.com
Subject: NEW PO M00T2009 7009
Attachment: Orders.rar (contains "Orders.exe")

FormBook payload URL:
https://cdn.discordapp.com/attachments/717301698174910538/719282500987387956/WyksMNB

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Sonbokli
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 07:36:05 UTC
AV detection:
19 of 31 (61.29%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dumujbohn5pyjcgh3rym6vhsuevp6nyiprqwr2mbszx5j577adda._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar 1d194485c76f5f8488c7dc70cf54f2a12aff37087c6168e981966fd4f7ff00c6

(this sample)

Formbook

Executable exe e24de4c134736acb2b1342770c1a9d2402180f58b3c90c2c2bc06d85c6484760

  
URLhaus
https://urlhaus.abuse.ch/url/383096/
  
Dropping
MD5 a82234a9166a3070b5969ce4be875345
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e24de4c134736acb2b1342770c1a9d2402180f58b3c90c2c2bc06d85c6484760

Comments