MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 09b45d1e31ed98cde4491a36347bf0f3c6947b3a91849bc944e976541aec9e92. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 09b45d1e31ed98cde4491a36347bf0f3c6947b3a91849bc944e976541aec9e92
SHA3-384 hash: e5e2932a8d6f84ea097c19d538a004051ede5307fdd5a3f7dad0aa586426483ee7aca9f2757622490f2d2b039b59091e
SHA1 hash: 8b9b9231ee04d5c16da7b11580d17682239f6895
MD5 hash: 5167139c22b7c57b57a432fb8296d3ab
humanhash: lemon-sodium-glucose-lake
File name:Confirm..rar
Download: download sample
Signature Formbook
Create hunting rule
File size:668'668 bytes
First seen:2021-01-08 08:25:54 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:Q5xxZEc338Z3u2p3zgPq9WOb4crmSX9Te+klt844IrOxBlHkpUriCrn:Q5dsZ3N3zgPq9WpSmateBlt8Io5kuOwn
TLSH 68E423D683BC581D74180294E0C39F5E1BB37EA788AF45C531A951A26C37A1D80FEF6B
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: mail.phuminhco.com.vn
Sending IP: 103.28.36.162
From: Hue Nguyen <sale@phumyhotel.vn>
Reply-To: Hue Nguyen <peter.lee.tmc@gmail.com>
Subject: Re Bookings for 2
Attachment: Confirm..rar (contains "Confirm!!!..exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
148
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27121.RarHeur.NoDP.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/09b45d1e31ed98cde4491a36347bf0f3c6947b3a91849bc944e976541aec9e92/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-01-08 08:26:20 UTC
AV detection:
2 of 46 (4.35%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bg2f2hrr5wmm3zcjdi3di67q6pdji6z2sgcjxske5f3figxmt2ja._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/09b45d1e31ed98cde4491a36347bf0f3c6947b3a91849bc944e976541aec9e92

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar 09b45d1e31ed98cde4491a36347bf0f3c6947b3a91849bc944e976541aec9e92

(this sample)

Formbook

Executable exe 9fdd7c91700e8ae665b85b921c9008a728d8a022c669f348c32865b674341333

  
Dropping
MD5 0b9fe0b29db5cab7a0fc3899361ebdaa
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9fdd7c91700e8ae665b85b921c9008a728d8a022c669f348c32865b674341333

Comments