MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ff97399b19994495aff2a24d4d6297e2b1c1021d06f5566f11a8929c0ef6e350. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ff97399b19994495aff2a24d4d6297e2b1c1021d06f5566f11a8929c0ef6e350
SHA3-384 hash: 07c6ad1e26dd8382649173a98a124977792ae37b459a2a59600a1f895722d1f2ee97b6c8292772d4fe4746ffd135e71a
SHA1 hash: ef80b3ae80e91b3f10736bfed861c7e99ddc5469
MD5 hash: 9a2524ecf0ad820fb174eb231da79fa6
humanhash: nine-uranus-orange-yankee
File name:MT OCEAN STAR ISO 8217 2005.pdf.arj
Download: download sample
Signature Formbook
Create hunting rule
File size:350'586 bytes
First seen:2020-06-26 07:09:42 UTC
Last seen:Never
File type: arj
MIME type:application/x-rar
ssdeep 6144:j43JaQ4A4uh3ImH9YSm9ZrSuPeXM6l/lwyXProYqunjhsowEkS3fbIFY:jcDHHFImdYRXrSuPecW/dXDoYqlSvEO
TLSH 9574235254631E01AABC7ABDAFE3DE7107C8FCF68563686388F6D788290C171D45CE94
Reporter abuse_ch
Tags:arj FormBook


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: maleo.empatdns.com
Sending IP: 180.235.151.73
From: Vungtau Ocean Shipping Agency (VTOSA) <General@vtosa.com>
Reply-To: General@vtosa.com
Subject: Re: REQUEST FOR QUOTATION //MT OCEAN STAR// ISO 8217 2005
Attachment: MT OCEAN STAR ISO 8217 2005.pdf.arj (contains "MT OCEAN STAR ISO 8217 2005.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ff97399b19994495aff2a24d4d6297e2b1c1021d06f5566f11a8929c0ef6e350/
Threat name:
Win32.Trojan.Delikle
Create hunting rule
Status:
Malicious
First seen:
2020-06-26 07:11:07 UTC
AV detection:
9 of 48 (18.75%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=76lttgyztfcjll7sujgu2yux4ky4caq5a32vm3yrvcjjydxw4nia._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

arj ff97399b19994495aff2a24d4d6297e2b1c1021d06f5566f11a8929c0ef6e350

(this sample)

Formbook

Executable exe d4405060b30fab298c2747fc58ec301dfa160be2df3e335a78900fac044a2493

  
Dropping
MD5 2568c960dc81807fb7ae36f8546af79f
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d4405060b30fab298c2747fc58ec301dfa160be2df3e335a78900fac044a2493

Comments