MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 92ab65c38c8a3962fb80b7dc4dd494fc6203e0907be2699a2d91592e7b69973e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 92ab65c38c8a3962fb80b7dc4dd494fc6203e0907be2699a2d91592e7b69973e
SHA3-384 hash: 2908bfe562da37061fd6012f0a1e180e0797afeb220e42da33ce529f50c2e9d9923a3e0cca1b371b988a50b3ac86472b
SHA1 hash: 5b709958ead60419050a1a1949037a99b777d83a
MD5 hash: df478d630671eab2366ec835c3fb99f2
humanhash: seven-triple-lithium-kentucky
File name:UPDATED STATEMENT OF ACCOUNT-SOA.PDF.rar
Download: download sample
Signature FormBook
Create hunting rule
File size:260'680 bytes
First seen:2020-07-12 08:07:58 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:fmZHHv/je/hatl5zn6AoKPPrMp5zmo+Gpkpb+M5bCr:fm53oatl5PoKPWSGmpb+MBCr
TLSH 0C4423B6E618ADF76676D15708B9D447FE8A9EB4E3FBE6D93010D2240C21032CAB1C75
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: server1.swisspac.es
Sending IP: 119.18.63.233
From: Nelson <receivables@dhanyagroup.ae>
Subject: STATEMENT OF A/C - DHANYA REFRIGERATION COMPANY L L C
Attachment: UPDATED STATEMENT OF ACCOUNT-SOA.PDF.rar (contains "UPDATED STATEMENT OF ACCOUNT-SOA.PDF.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
99
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/92ab65c38c8a3962fb80b7dc4dd494fc6203e0907be2699a2d91592e7b69973e/
Threat name:
ByteCode-MSIL.Spyware.Negasteal
Create hunting rule
Status:
Malicious
First seen:
2020-07-12 08:09:05 UTC
AV detection:
16 of 29 (55.17%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=skvwlq4mri4wf64aw7oe3veu7rrahyeqpprgtgrnsfms463js47a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 92ab65c38c8a3962fb80b7dc4dd494fc6203e0907be2699a2d91592e7b69973e

(this sample)

FormBook

Executable exe 2427c640fc5ca5313c85c5a956571afdb1543d5964d3ce536b61262d73a9eaaa

  
Dropping
MD5 8e35b423a18fafd76c7de83fafeae683
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2427c640fc5ca5313c85c5a956571afdb1543d5964d3ce536b61262d73a9eaaa

Comments