MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fa43016bfcdb25aaaa3f8eb080e0297304e381a70e9969ccf2f2bc03df8c3f9d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: fa43016bfcdb25aaaa3f8eb080e0297304e381a70e9969ccf2f2bc03df8c3f9d
SHA3-384 hash: a190da86444b26cebf806e39e98744f6c9a2bc340ea313cfeb3c859d132ce1c33aba196d83b2f8338b0be2559712c0cd
SHA1 hash: 8eeab68966ef506d5688922333944d8a03063359
MD5 hash: 46d641dee22fab629ecbdba5dda9db75
humanhash: lithium-monkey-whiskey-foxtrot
File name: RFQ-PO320064.rar
Signature: FormBook
File size: 321'030 bytes
First seen: 2020-06-20 07:04:51 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:9fyMuoVcfAujzpugwmY/sDn94EG2haDp8gSOvKSXEBvoN+oi8uLkUJS3QLCYvhXG:dfco2udn/yaEBSplxvXUON+uugUJS3QO
TLSH: 4B64235B1AFBF0F54B37F07A6005C38B30EB2C52E926A53A7ED504564F86280959CFB5
Reporter: abuse_ch
Tags: FormBook rar


abuse_ch
Malspam distributing FormBook:

HELO: sungwon7.co
Sending IP: 111.90.158.36
From: Hailey Li Trang - sales Dept <saneagle@ms14.hinet.net>
Reply-To: saneagle@ms14.hinet.net
Subject: RFQ-PO#320064-JUNE2020
Attachment: RFQ-PO320064.rar (contains "RFQ-PO#320064.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 91
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Strictor
Status: Malicious
First seen: 2020-06-20 07:06:05 UTC
AV detection: 5 of 48 (10.42%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
FormBook
rar fa43016bfcdb25aaaa3f8eb080e0297304e381a70e9969ccf2f2bc03df8c3f9d (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment

Comments