MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 503ae164f3f9deda6cddfd4e477a5df4ac38af19dd82669908a29a8b98404bfe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 503ae164f3f9deda6cddfd4e477a5df4ac38af19dd82669908a29a8b98404bfe
SHA3-384 hash: f3c33480f6b6ba657e4e22416c1b873b9147c3ab468a59104ac6afd251d8b427a448c28f21cb20a05029f942d0f06cdd
SHA1 hash: 47564121d34f941a0a6e118cd93283ae780ab978
MD5 hash: 3bb2172fbc3f676d30f103f3f62dd354
humanhash: triple-music-mango-summer
File name:QUOTE_3862.rar
Download: download sample
Signature FormBook
Create hunting rule
File size:273'947 bytes
First seen:2020-06-16 05:01:49 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:Z6remxCqg9NCBW3fMg3yw+KBWpv3+5AQFf1dCkXqhL+lmWJMm9w:Z6rKqJsfM7K453HUzPm2tq
TLSH F14423055326ABC985E0619A007D3B6D50AF605CEB0A8C4BE05CFFDF17A592BDCCB1E2
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: yuntong-batt.co
Sending IP: 111.90.141.203
From: John Doe <john.doe@yuntong-batt.co>
Subject: RE: AW: Request for Quote/new articles for RFQ
Attachment: QUOTE_3862.rar (contains "QUOTE_3862.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.FormBook
Create hunting rule
Status:
Malicious
First seen:
2020-06-16 05:03:05 UTC
AV detection:
18 of 31 (58.06%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ka5oczht7hpnu3g57vheo6s56swdrlyz3wbgngiiuknixgcajp7a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 503ae164f3f9deda6cddfd4e477a5df4ac38af19dd82669908a29a8b98404bfe

(this sample)

FormBook

Executable exe 64ff498497ee75879455fa623913eed07fae30f5e357bb247bedcf76e7d4e04f

  
Dropping
MD5 a9115691f9877af0edd9cb1703470b84
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 64ff498497ee75879455fa623913eed07fae30f5e357bb247bedcf76e7d4e04f

Comments