MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 0107b290b0c427141a30d9f9fb2a6168cb4459aa120ddd165c3e44e01465ff04. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Formbook
Vendor detections: 5
| SHA256 hash: | 0107b290b0c427141a30d9f9fb2a6168cb4459aa120ddd165c3e44e01465ff04 |
|---|---|
| SHA3-384 hash: | eab0aa161d387035d671de76531f2f4a53725d112caebf8173544c681676911d33f4c362b191c112b5164d779d8f9f55 |
| SHA1 hash: | 8b50583ba77e6cb37d75dabf905a9b33bdceeb2d |
| MD5 hash: | 807819ae9d1d3f659a9d67ef346f0d21 |
| humanhash: | india-spring-oscar-four |
| File name: | 108722FTTOO17_Advance TT.arj |
| Download: | download sample |
| Signature | Formbook |
| File size: | 217'343 bytes |
| First seen: | 2022-11-03 07:27:11 UTC |
| Last seen: | Never |
| File type: | arj |
| MIME type: | application/x-rar |
| ssdeep | 3072:sjRDMGleBB8yDJyY8f1VOHE7It+/Ttf60p0E9+kwOddgoQK3K/bEQ9g5126V:sNDgBOyNyYNE7I4l60TrdSJaKjd9g5n |
| TLSH | T1272423E45FAEA60C834F988275564A885E61216F9EED3BC7E667B439D1D001CE333707 |
| TrID | 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1) 38.4% (.RAR) RAR compressed archive (gen) (5000/1) |
| Reporter | cocaman |
| Tags: | arj FormBook SWIFT |
Malicious email (T1566.001)
From: "Virender Singh <kyn.mat@fdandersonagency.com>" (likely spoofed)
Received: "from antyfugo.fdandersonagency.com (antyfugo.fdandersonagency.com [92.52.217.135]) "
Date: "02 Nov 2022 11:47:11 -0700"
Subject: "RE: Swift Copy 01-11-2022"
Attachment: "108722FTTOO17_Advance TT.arj"
Intelligence
File Origin
# of uploads: 1
# of downloads: 172
Origin country: n/a
File Archive Information
This file archive contains 4 file(s), sorted by their relevance:
| File name: | ugmbhjxfz.hf |
|---|---|
| File size: | 189'952 bytes |
| SHA256 hash: | 5b80d85079a29aba8c30f1eb794bb31588cf11a2829c208236cc80df3f67bbc2 |
| MD5 hash: | 5d307f59a0a8c63fd7384058eaf68dbe |
| MIME type: | application/octet-stream |
| Signature | Formbook |
| File name: | jxybtdctyj.exe |
|---|---|
| File size: | 7'680 bytes |
| SHA256 hash: | e4e8f5fa19be282e3926e259265ec048ada69822b47622c0d1a26cb8652125a3 |
| MD5 hash: | 1b3c05fa6e5175137fa0a1b7257ff606 |
| MIME type: | application/x-dosexec |
| Signature | Formbook |
| File name: | fjfyijmwm.pg |
|---|---|
| File size: | 5'867 bytes |
| SHA256 hash: | 80b505f709a1596565857ae0bbee9f6089e353043ba6bbd40b02dc4afdfe8c96 |
| MD5 hash: | 29231bce34fd03ba1db8ee339b1051e3 |
| MIME type: | application/octet-stream |
| Signature | Formbook |
| File name: | 108722FTTOO17_Advance TT.exe |
|---|---|
| File size: | 230'462 bytes |
| SHA256 hash: | 2b3d32ba155e67989eb11a9cf80ca81dc5ebccd90e1589996cbeb613d445874c |
| MD5 hash: | 35c80a1656228ab11b5ea483dc7b5b20 |
| MIME type: | application/x-dosexec |
| Signature | Formbook |
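The main table above reports File type arj but MIME type application/x-rar and a TrID match for RAR v5.0, so the container does not match the extension the lure carries, and the archive listing shows a PE named after the archive itself. The Python below is an added example, not MalwareBazaar's or the reporter's code: it sniffs the container from public magic-byte constants, compares it with the claimed extension, and flags Windows executables in a member listing. The header bytes and member contents are constructed to mirror the listing; they are not the sample's real bytes.

```python
"""Attachment triage: does the container match its extension, and does
the archive carry a Windows executable?  Added example (not MalwareBazaar
code); the signatures are public format constants, all input is constructed."""
import os
from typing import Dict, List, Optional, Tuple

# Leading bytes of common archive containers (public format constants).
ARCHIVE_MAGIC: Dict[str, bytes] = {
    "rar5": b"Rar!\x1a\x07\x01\x00",
    "rar4": b"Rar!\x1a\x07\x00",
    "zip":  b"PK\x03\x04",
    "7z":   b"7z\xbc\xaf\x27\x1c",
    "arj":  b"\x60\xea",
}

# Container types a given extension is allowed to carry.
EXPECTED_TYPES: Dict[str, set] = {
    ".rar": {"rar4", "rar5"},
    ".zip": {"zip"},
    ".7z":  {"7z"},
    ".arj": {"arj"},
}

# Extensions Windows launches directly when double-clicked.
EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".cpl"}


def sniff_container(data: bytes) -> Optional[str]:
    """Return the container type implied by the first bytes, or None."""
    for kind, magic in ARCHIVE_MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def check_extension(filename: str, data: bytes) -> Dict[str, object]:
    """Compare the extension the file name claims with the sniffed container.
    A mismatch (e.g. .arj name, RAR content) is the first triage signal."""
    ext = os.path.splitext(filename)[1].lower()
    actual = sniff_container(data)
    allowed = EXPECTED_TYPES.get(ext)
    return {
        "extension": ext,
        "sniffed": actual,
        "mismatch": actual is not None and allowed is not None and actual not in allowed,
    }


def triage_members(archive_name: str, members: List[Tuple[str, bytes]]) -> List[str]:
    """Flag members with a PE header (MZ) and the lure pattern of an
    executable carrying the archive's own name."""
    stem = os.path.splitext(os.path.basename(archive_name))[0].lower()
    findings = []
    for name, head in members:
        base, ext = os.path.splitext(name)
        ext = ext.lower()
        if head.startswith(b"MZ"):
            if ext in EXEC_EXTENSIONS:
                findings.append(f"{name}: Windows executable")
            else:
                findings.append(f"{name}: PE header but extension is not a launchable type")
        if ext in EXEC_EXTENSIONS and base.lower() == stem:
            findings.append(f"{name}: executable named after the archive (lure pattern)")
    return findings


# Constructed inputs modelled on the listing above; not the sample's real bytes.
SAMPLE_ARCHIVE_NAME = "108722FTTOO17_Advance TT.arj"
SAMPLE_ARCHIVE_HEAD = ARCHIVE_MAGIC["rar5"] + b"\x00" * 8
SAMPLE_MEMBERS = [
    ("ugmbhjxfz.hf", b"\x00\x11\x22\x33"),
    ("jxybtdctyj.exe", b"MZ\x90\x00"),
    ("fjfyijmwm.pg", b"\x12\x34\x56\x78"),
    ("108722FTTOO17_Advance TT.exe", b"MZ\x90\x00"),
]

if __name__ == "__main__":
    print(check_extension(SAMPLE_ARCHIVE_NAME, SAMPLE_ARCHIVE_HEAD))
    for line in triage_members(SAMPLE_ARCHIVE_NAME, SAMPLE_MEMBERS):
        print(line)
```

Sniffing by leading bytes rather than trusting the extension is the point: a mail gateway that only blocks .rar by name lets a RAR5 container through when it is renamed .arj, which is exactly what the TrID and MIME fields on this entry show.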
Vendor Threat Intelligence
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: overlay packed shell32.dll
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Leonem
Status: Malicious
First seen: 2022-11-02 10:56:07 UTC
File Type: Binary (Archive)
Extracted files: 5
AV detection: 18 of 41 (43.90%)
Threat level: 5/5
Detection(s): Suspicious file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name: Legit
Score: 0.18
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Formbook
arj 0107b290b0c427141a30d9f9fb2a6168cb4459aa120ddd165c3e44e01465ff04 (this sample)
Delivery method: Distributed via e-mail attachment
Dropping: Formbook