MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 44ec5321d7346a8e951e8cdafe861eaf852ff7f8902f5158b038301a85829e31. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 44ec5321d7346a8e951e8cdafe861eaf852ff7f8902f5158b038301a85829e31
SHA3-384 hash: d23cf1604d61fba0661ea4ed79c0c2bdd988e0d6a2d61fc6ee599e0e5dd15eff0e74ea1412474df45d7dfe1cd9b9a4d2
SHA1 hash: bdc6ae8fe6f77dda866170171bab46be5137d611
MD5 hash: 691dfa798940c6e229548c992951af54
humanhash: texas-berlin-beer-artist
File name: PO200712VB112.rar
Signature: FormBook
File size: 547'538 bytes
First seen: 2020-08-03 07:16:50 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:hHaCkw8qy9XlS8h5ZzTn4iN/L72i9p6t1qpjKsadDzvp5flB:haHnqu1S8H1Tn4lIp6t1qzcXfL
TLSH: 00C423BD98A6FDB483F8ADCC6C26E77C96B99E84165290F56E24B0CEC87110E41E0771
Reporter: abuse_ch
Tags: Endurance FormBook rar


abuse_ch
Malspam distributing FormBook:

HELO: qproxy4-pub.mail.unifiedlayer.com
Sending IP: 66.147.248.250
From: Martin Ariel Castillero <info@compliancemodel.com>
Reply-To: nereus@cytanet.com.cy
Subject: REQUEST FOR PROFORMA INVOICE FOR DEPOSIT
Attachment: PO200712VB112.rar (contains "PO200712VB#112.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Pwsx
Status: Malicious
First seen: 2020-08-03 07:18:08 UTC
AV detection: 4 of 48 (8.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 44ec5321d7346a8e951e8cdafe861eaf852ff7f8902f5158b038301a85829e31 (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment

Comments