MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4be43a81a57f99ed8b389643a5c20b4e9a9eee1c64fcec819567606622e8d709. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 4



SHA256 hash: 4be43a81a57f99ed8b389643a5c20b4e9a9eee1c64fcec819567606622e8d709
SHA3-384 hash: 0fb719c93444e4ff4da365c2294b03b46d47c796eace653825bd250e3c485143adf08a1814792975c3bed8e78a23e092
SHA1 hash: 5ec56cae83020f2632f679259f5429b04b897175
MD5 hash: bc6765e3b8ebd67cb901ff1dc7a2e865
humanhash: robert-fillet-alaska-timing
File name: NEW ORDER.rar
Signature: FormBook
File size: 302'590 bytes
First seen: 2020-07-21 07:36:35 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:1qpYSowfHhuyjtjzycUvKmKf7yBKlz1jINKfcSNTv:1qpYCBjZJoK2BK11QKzZ
TLSH: E55423D1343AE1AF6DF1151A0E6D72FE341E92A1C84C1EB15F3E718DDB204A698A37B4
Reporter: abuse_ch
Tags: FormBook rar


abuse_ch
Malspam distributing FormBook:

HELO: fre.freespirittours.ge
Sending IP: 192.254.140.61
From: executive@freespirittours.net
Subject: RE:PROFORMA INVOICE
Attachment: NEW ORDER.rar (contains "NEW ORDER.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Spyware.Negasteal
Status: Malicious
First seen: 2020-07-21 07:38:07 UTC
AV detection: 14 of 27 (51.85%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 4be43a81a57f99ed8b389643a5c20b4e9a9eee1c64fcec819567606622e8d709

(this sample)

  
Dropping: FormBook
Delivery method: Distributed via e-mail attachment

Comments