MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0a3ad97bcd5b7d1903e3b80b9a868569d0a8c4becc432f876c1e9c95996628d9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0a3ad97bcd5b7d1903e3b80b9a868569d0a8c4becc432f876c1e9c95996628d9
SHA3-384 hash: eec9b3459469c8f4fe5a330477d9826ab9771f66a295789e770d92ea894ce825a33797d337370b71ef718b902fad45d1
SHA1 hash: 6e476b93e5c888bd75269f9cbfa64569a01ea2aa
MD5 hash: 828a986fa96c38d9595e92eb5f6ae172
humanhash: hydrogen-oklahoma-charlie-lake
File name:Purchase Enquiry 6767.rar
Download: download sample
Signature Formbook
Create hunting rule
File size:482'937 bytes
First seen:2020-10-27 08:46:25 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:siPpupVbQ48MIMCiL9xbhtV2Pps7g6+ARhGdKoS/8qO9Pe:sihkNwMPL95htV2Pps7T+DwoS/j7
TLSH A2A423FEEBE144F38F549E18DE9E5A21705043CBC2D5D3A8A513A39A522478B1CF6CB1
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: EUR06-VI1-obe.outbound.protection.outlook.com
Sending IP: 40.92.17.69
From: mahakanbar323@hotmail.com
Subject: Purchase Enquiry 6767
Attachment: Purchase Enquiry 6767.rar (contains "469nGuFQyVJyw0O.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0a3ad97bcd5b7d1903e3b80b9a868569d0a8c4becc432f876c1e9c95996628d9/
Threat name:
ByteCode-MSIL.Backdoor.NanoBot
Create hunting rule
Status:
Malicious
First seen:
2020-10-27 00:21:09 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bi5ns66nln6rsa7dxafzvbufnhikrrf6zrbs7b3md2ojlglgfdmq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar 0a3ad97bcd5b7d1903e3b80b9a868569d0a8c4becc432f876c1e9c95996628d9

(this sample)

Formbook

Executable exe 8e816e44eb6ebdc6b99876142caba3fc1f8a0633edec29e8c1ae3f57e1ca55c9

  
Dropping
MD5 5d835e5f1204b33ad2b2cda5313676aa
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8e816e44eb6ebdc6b99876142caba3fc1f8a0633edec29e8c1ae3f57e1ca55c9

Comments