MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 28d707e4640428d9e83363aef1f208e3d4631b2fd4974c2aaa25c7e1668f6dd5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook
Vendor detections: 4



SHA256 hash: 28d707e4640428d9e83363aef1f208e3d4631b2fd4974c2aaa25c7e1668f6dd5
SHA3-384 hash: bb4ab078b923ca79d4833b9b7d15f9f52e96e0311994384b90c81f5a13aea33021fb0b6d79558e17f0c92e0921d3d5a2
SHA1 hash: 3fcd3e6291688ee62c3cc63cdce0c16ca62eb388
MD5 hash: a36284882fa48d8b69b17aa805434dd8
humanhash: mississippi-zebra-oranges-wisconsin
File name: Group booking confirmation.rar
Signature: Formbook
File size: 920'137 bytes
First seen: 2020-08-19 11:33:52 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:+F6F7WVAFxsO3CYdEEvXszOxAJSZR3yBuvy8WZiqFtpOermoegTQviQtppF2U:RqqscvcimJECBuK8W/FtZrmITkiWl2U
TLSH: 3E1533A39AD3264A70E2F9F1B379008572B47CAB17F95A4CF18C8626E6FBD148397111
Reporter: abuse_ch
Tags: FormBook rar


abuse_ch
Malspam distributing unidentified malware:

HELO: franceloc-postfix.filnet.fr
Sending IP: 194.187.193.119
From: Cláudia Diniz <info@wip-hausschutz.de>
Reply-To: finance.booking.com@outlook.com
Subject: GROUP CONFIRMATION
Attachment: Group booking confirmation.rar (contains "Group booking confirmation.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 100
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2020-08-19 11:35:06 UTC
AV detection: 16 of 48 (33.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Formbook
rar 28d707e4640428d9e83363aef1f208e3d4631b2fd4974c2aaa25c7e1668f6dd5 (this sample)

Delivery method: Distributed via e-mail attachment

Comments