MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 38be8fef0c9e8017100d56ac240aea25d3a2c8712a532f10cc9ffaa20763400c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 38be8fef0c9e8017100d56ac240aea25d3a2c8712a532f10cc9ffaa20763400c
SHA3-384 hash: 873ec0bf29589e0652849932ef17a12298bb1b65436838d693c20f60d4b1c11d4b166c5c2f938120f30e393686e6b3cf
SHA1 hash: 8f0e866a952c020ba4aedf6fd7063e6007720b00
MD5 hash: 8861fb60613b98ee38f23f3a717f7d30
humanhash: twenty-apart-missouri-cat
File name:RFQ 20RFQ00106 - ID N°. 04129.zip
Download: download sample
Signature Formbook
Create hunting rule
File size:386'428 bytes
First seen:2020-06-11 05:43:58 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:WKddXiLcxUTGOtUdYRZWM4HUEJbVEqrxq9iqqqcDACOg5TR4BojwD5sKBThwL6:WqULcxULUdYRZ14ZJbVRxqQq7cDx7oBL
TLSH 828423C4277ABC8B6D731335FB173352AC92B4B1829DB142F11467A726F68AEE70441E
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: cloudhost-67388.au-south-1.nxcli.net
Sending IP: 103.224.90.42
From: Jody Panzer <jody.panzer@parker.com>
Subject: Confirm RFQ 20RFQ00106 - ID N°. 04129
Attachment: RFQ 20RFQ00106 - ID N°. 04129.zip (contains "RFQ 20RFQ00106 - ID N°. 04129.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
56
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-11 05:45:09 UTC
AV detection:
30 of 47 (63.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hc7i73ymt2aboeank2wcicxkexj2fsdrfjjs6egmt75keb3diaga._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 38be8fef0c9e8017100d56ac240aea25d3a2c8712a532f10cc9ffaa20763400c

(this sample)

Formbook

Executable exe f495df589f3d5ada5d486d3795de4ddf24d296ae6af572a635ad00c4ed716088

  
Dropping
MD5 5468c372aec9a9401f596876b351a2b2
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f495df589f3d5ada5d486d3795de4ddf24d296ae6af572a635ad00c4ed716088

Comments