MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 deeed37a10d7707ee60bcaec58b745252a61f4554a1a41a5bd8555bff054b6e0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: deeed37a10d7707ee60bcaec58b745252a61f4554a1a41a5bd8555bff054b6e0
SHA3-384 hash: 2c8dc7c5e55ea279082ff4507932c4727020dfaee3b736ba760d94a61e06ab52b3772fc9ac69734fb28737642e212b20
SHA1 hash: f309416b674193104b1ef226e5e613928e9c47a2
MD5 hash: a7e2a6ff0627a58b9b460dda9a2567ef
humanhash: friend-fillet-hot-cardinal
File name:ADHOC RFQ-97571784.r15
Download: download sample
Signature FormBook
Create hunting rule
File size:360'071 bytes
First seen:2020-06-02 11:45:09 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:ollB5HgLwvQRXrwWc9TCh9pJ2ikGbSiwviCbddl6cadpud/:olH5AkvurSpuQikQJyRbDscIQ
TLSH DF742361B142CDA73077816BEA3CE944043495E1B8DAC17472C7A3A91ACA34EBD3FF95
Reporter abuse_ch
Tags:FormBook r15


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: server.haihongventures.partners
Sending IP: 162.241.215.138
From: Ayesha Abdulaziz Al Hosani (ADNOC Onshore - PD) <info@haihongventures.partners>
Subject: ADNOC RFQ 97571784 - Products Supplies Needed
Attachment: ADHOC RFQ-97571784.r15 (contains "ADHOC RFQ-97571784.bat")

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Boilod
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 12:37:31 UTC
File Type:
Binary (Archive)
Extracted files:
1
AV detection:
20 of 47 (42.55%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=33xng6qq25yh5zqlzlwfrn2feuvgd5cvjinedjn5qvk374cuw3qa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar deeed37a10d7707ee60bcaec58b745252a61f4554a1a41a5bd8555bff054b6e0

(this sample)

FormBook

Executable exe 3b7dc89103d8c49eea88bd302c37e6b9c1f1ae13bdd38c9ff9709568b9f56e3b

  
Dropping
MD5 2d2db3a8698206d1e4b0928f4910de8c
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3b7dc89103d8c49eea88bd302c37e6b9c1f1ae13bdd38c9ff9709568b9f56e3b

Comments