MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5b821f4c7c7eb551458253e3b504fb21fccc59f14e72c4e3361c0f25dcd603e7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5b821f4c7c7eb551458253e3b504fb21fccc59f14e72c4e3361c0f25dcd603e7
SHA3-384 hash: 1ee56adb9368af806689a1b4ca1db45dc2686cae8c86d0eca70ccdd97b2a626383e31899aaac18c49740c2d7acd22cc7
SHA1 hash: aeee3389cef3a5392a20fc40aa82d0e483c8d3f7
MD5 hash: bf026729b9db91db684daf47ee5587d1
humanhash: juliet-burger-march-video
File name:TYPE IIR with tie.jpg.rar
Download: download sample
Signature FormBook
Create hunting rule
File size:441'466 bytes
First seen:2020-07-08 07:11:01 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:bJphpvWvYjMGNa6hcda9N56IXi3+5OZuqVtUBkR11L9UEPR9j4elMhnfcRZrB+il:9/pEYYGncd4XhqVtUBUz9ceehnfcnrn/
TLSH CA942358327EE608D7B79239F9390668E834E7E1CF48885AF19A1C9071DAF2D464BD07
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: 3sapparel.co.141.90.111.in-addr.arpa
Sending IP: 111.90.141.26
From: Lily Tran Zulueta <lzulueta@aerocrpevionics.com>
Reply-To: leelam@asia.com
Subject: Inquiry of 2x40FT HC Super
Attachment: TYPE IIR with tie.jpg.rar (contains "gSbuXvKOQIYVuix.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5b821f4c7c7eb551458253e3b504fb21fccc59f14e72c4e3361c0f25dcd603e7/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-07-08 07:12:06 UTC
AV detection:
31 of 48 (64.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=lobb6td4p22vcrmckpr3kbh3eh6mywprjzzmjyzwdqhslxgwaptq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 5b821f4c7c7eb551458253e3b504fb21fccc59f14e72c4e3361c0f25dcd603e7

(this sample)

FormBook

Executable exe ce2fb70594dabbee01ba985e6e04a5fbdc57b2d589722dab7213c999151efcef

  
Dropping
MD5 09423dffc51de71516d493ed13b85565
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ce2fb70594dabbee01ba985e6e04a5fbdc57b2d589722dab7213c999151efcef

Comments