MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a6c8ea9b803a874d6edf0da26459d0589d6c7646c5455c16450e63439a5b188e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: a6c8ea9b803a874d6edf0da26459d0589d6c7646c5455c16450e63439a5b188e
SHA3-384 hash: 74755e149563ac862bf187bd4630aa0abdff161325aa268e6c090c4a9acfc2cc63d40416bddd572b987cb4c78d54fb04
SHA1 hash: 385d91b10b843d4a75d4c811dc114f8e82e77ab0
MD5 hash: 78818b1a9753880e73fccd955ad74107
humanhash: kansas-papa-asparagus-eighteen
File name: Purchase order-77.pdf.rar
Signature: FormBook
File size: 300'066 bytes
First seen: 2020-07-07 12:44:10 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:sOtFD07DAirBqPgaun74uy7s36RNyYvC/5f58gIJwTzKQ:HY0iraK74xZmYvif5PIuWQ
TLSH: 7E542314013CDE1017B6B1EE40677F03D96A6796C0B755E4EA932ECA0CCD233669A7AE
Reporter: abuse_ch
Tags: FormBook rar


abuse_ch
Malspam distributing FormBook:

HELO: ngay24.com.localdomain
Sending IP: 45.127.62.185
From: Gustav Ernstmeier GmbH <merl@britt.gq>
Subject: Order Confirmation no. 951S2, Customer order no. 77
Attachment: Purchase order-77.pdf.rar (contains "Purchase order-77.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 79
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Spyware.Negasteal
Status: Malicious
First seen: 2020-07-07 12:46:06 UTC
AV detection: 17 of 29 (58.62%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar a6c8ea9b803a874d6edf0da26459d0589d6c7646c5455c16450e63439a5b188e (this sample)
Dropping: FormBook
Delivery method: Distributed via e-mail attachment

Comments