MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c8460b3b339bf851e841ce9510e66ee0a3a748725a82d1d3d5f73ada110675e2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c8460b3b339bf851e841ce9510e66ee0a3a748725a82d1d3d5f73ada110675e2
SHA3-384 hash: 63470517b27281d1adc50e414a975b9919f380f4ef89b971494a3072b6c727c4917de6b1fc233fea6a21710df0c18195
SHA1 hash: fcbb12000a459b8925f3ef0b8b738a692dfb180e
MD5 hash: b884af7fb8ba712ef2611b465d93d978
humanhash: salami-mike-two-fanta
File name:NEW ORDER.rar
Download: download sample
Signature FormBook
Create hunting rule
File size:371'498 bytes
First seen:2020-05-20 07:46:03 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:0DeKikroJZE8bXyILAmcHcWeRc8JSQacZ9qA9wcSPY9zrWzC7/WaVlxkNjc:meBkroUgX14HcvJSdcZT/xR7/WaxkNjc
TLSH 2E842309B0BD9F272D17DF421DEEB2023A21D1DDD2E290474B9C7E5F16E82279E46352
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: reseller.hostingbangladesh.com
Sending IP: 88.198.58.29
From: Mark Tech <info@echosoftbd.com>
Subject: New order po#0520021
Attachment: NEW ORDER.rar (contains "NEW ORDER.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27360.Rar5Heur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-20 01:31:39 UTC
File Type:
Binary (Archive)
Extracted files:
296
AV detection:
18 of 30 (60.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zbdawozttp4fd2cbz2krbzto4cr2osdslkbndu6v645nueigoxra._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar c8460b3b339bf851e841ce9510e66ee0a3a748725a82d1d3d5f73ada110675e2

(this sample)

FormBook

Executable exe 7054e09e939cb0fe23629b11e08c8f299d54694babb5db98df8ead30a9233866

  
Dropping
MD5 6fdecf51b428e772a8391a55c0a372d0
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7054e09e939cb0fe23629b11e08c8f299d54694babb5db98df8ead30a9233866

Comments