MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 953f729df4576ded54063271a69a7c78e295a755b0ddda8fd0df1c1ab78157b4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 953f729df4576ded54063271a69a7c78e295a755b0ddda8fd0df1c1ab78157b4
SHA3-384 hash: bff12605305402232ba22f0cf3311fd67093437afceaeda418895ac232882ae69a525c7f96939532b331de5c2625f244
SHA1 hash: 650adcb3245b8d30d645b746096351c4eefa4183
MD5 hash: d9f7801a9db251e874941485f62003b8
humanhash: iowa-cold-rugby-tennis
File name:RFQ20510.rar
Download: download sample
Signature FormBook
Create hunting rule
File size:271'397 bytes
First seen:2020-05-11 08:06:33 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:VF9XtIwSFkqEOjKYjEdm06LA8O6Ck0BB8HGzMe4uV+fw1HwO:VF9XtNSFZZjF0kAX6/2BECMNuV+wHL
TLSH 99442379907A6E86364F1FA5624564B3FBF860A2BFC121156FD8CB32D770E9C3182613
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: host3.dnns.net
Sending IP: 66.128.53.164
From: ventassur@bsrentals.com.mx
Subject: Quote needed
Attachment: RFQ20510.rar (contains "RFQ20510.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-05-11 08:36:47 UTC
File Type:
Binary (Archive)
Extracted files:
20
AV detection:
18 of 45 (40.00%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=su7xfhpuk5w62vaggjy2ngt4pdrjlj2vwdo5vd6q34obvn4bk62a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 953f729df4576ded54063271a69a7c78e295a755b0ddda8fd0df1c1ab78157b4

(this sample)

FormBook

Executable exe f8cd5468cae1b7ef288867c7be839e906c6671310d07c8811d044e435b2759e0

  
Dropping
MD5 426ed2b3fb584fa41907fd36520b2c1a
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f8cd5468cae1b7ef288867c7be839e906c6671310d07c8811d044e435b2759e0

Comments