MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4d29c08a1a79f37f2972d5eddd36d22b0e4595b3594a43ca3735ca67c673989c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 4d29c08a1a79f37f2972d5eddd36d22b0e4595b3594a43ca3735ca67c673989c
SHA3-384 hash: 0cb796ec6945fffb0bccab2c415e8947fb443ec8cd8ed909bd591cfef95b2694930a971fc8f90e2dcc93b7f4638d85b5
SHA1 hash: f9c761b75af4a8800f636f37974a45eec41b6f57
MD5 hash: fcf108c03c958de009c69d61b259c543
humanhash: september-kilo-winter-california
File name: QUOTE 36.rar
Signature: FormBook
File size: 586'587 bytes
First seen: 2020-07-20 08:59:25 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:uC5C7VuMqAPqr+GDNawkiyP8tOfLfNUlCf6ndfGiC4hQX:uJVuMqAPHGDNawRyP8tEJUKgeiCPX
TLSH: D0C42346E496B514D341C285A8F2DEE06F78D9C3A5D7C12418BAD2937E8F404AEECB8C
Reporter: abuse_ch
Tags: FormBook rar


abuse_ch
Malspam distributing FormBook:

HELO: dongsonvina.co
Sending IP: 111.90.145.114
From: Brad Tyler <brad.tyler@hysic.co>
Subject: RE: AW: Request for Quote/proforma invoice
Attachment: QUOTE 36.rar (contains "QUOTE 36.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 4d29c08a1a79f37f2972d5eddd36d22b0e4595b3594a43ca3735ca67c673989c

(this sample)

  
Dropping: FormBook
Delivery method: Distributed via e-mail attachment
