MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ada08a73c552f623c14346ea9a31286a416c931f05e913710818f7b03c717a80. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook
Vendor detections: 3

SHA256 hash: ada08a73c552f623c14346ea9a31286a416c931f05e913710818f7b03c717a80
SHA3-384 hash: 0d3b757b6d1415d418097988df98030fd6e93ae16b0ada8261c31ac427cc9c61787dafbae5bdd3662ff4715f542b988b
SHA1 hash: 8958137127f0e096ee29f6d22a0f84bf42eaaec7
MD5 hash: 1edbb67d2c13311ab1f63deb68bf0b1e
humanhash: queen-sink-dakota-timing
File name: ORDER.LZH
Signature: FormBook
File size: 371'999 bytes
First seen: 2020-06-26 15:27:10 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:hAd27bGTsBYExk42cQJ1W0jvo+4g4fQU5lFIpu28YweoXLr8UyXkm3iO874XAWOi:hgebGTaR2cRNng4fQUvFiuFYwDbrJyX5
TLSH: 088423A5E63338CA3690DE46E708870A0119CF5B9B2911DCC561BCE3FAA7517ADF07C2
Reporter: abuse_ch
Tags: FormBook lzh Yahoo


abuse_ch
Malspam distributing FormBook:

HELO: sonic301-21.consmr.mail.ir2.yahoo.com
Sending IP: 77.238.176.98
From: CAJA GROUP INC <amanda_johnson00122@yahoo.com>
Reply-To: CAJA GROUP INC <amanda_johnson00122@yahoo.com>
Subject: NEW ORDER
Attachment: ORDER.LZH (contains "ORDER.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 93
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.FormBook
Status: Malicious
First seen: 2020-06-26 15:29:03 UTC
AV detection: 20 of 31 (64.52%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: FormBook
rar ada08a73c552f623c14346ea9a31286a416c931f05e913710818f7b03c717a80 (this sample)
Dropping: FormBook
Delivery method: Distributed via e-mail attachment
