MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 294d980ee33b3ee783ef73efa634d8f910ac910f3a1d2b685daea4151dc7d3f2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: 294d980ee33b3ee783ef73efa634d8f910ac910f3a1d2b685daea4151dc7d3f2
SHA3-384 hash: 1bb21669dadb849db38b5bcee16aa7a7be06c4a4bac1b38c42b21e7aeece6fb6c1e3c87f2e27134209d1febc1074fcb4
SHA1 hash: 09384ec9ee897d766b03e5eff0579d23c25e3bff
MD5 hash: 94808d496596f1b0e00c996d77c1af89
humanhash: whiskey-fifteen-fish-river
File name: New Request for Quotation.Pdf.img
Signature: Formbook
File size: 1'009'664 bytes
First seen: 2020-06-04 09:00:14 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 6144:/aUDG3Kp1O6VEJD6Lpzu5VGZ1xbt3oN/EqiOq762DOHXRSE8:/aUDd26VEt6pu5GbtwEqXq7pDOHw
TLSH: 5A258D3672828434C17A4272A83E6BC5653B1F613641971F73EE73189FB369B732621E
Reporter: abuse_ch
Tags: FormBook img


abuse_ch
Malspam distributing Formbook:

HELO: wrleeding.com
Sending IP: 5.206.227.153
From: Jason Ang <jason@spheredex.com>
Subject: Request For Quotation
Attachment: New Request for Quotation.Pdf.img (contains "New request for quotation9867875‮fdp.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Swotter
Status: Malicious
First seen: 2020-06-04 09:36:19 UTC
AV detection: 13 of 48 (27.08%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

img 294d980ee33b3ee783ef73efa634d8f910ac910f3a1d2b685daea4151dc7d3f2 (this sample)

Dropping: Formbook
Delivery method: Distributed via e-mail attachment

Comments