MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0d427217c9a5df1b0fcec58f815b81c38682255b431759b0bde301139d8ba9cf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: 0d427217c9a5df1b0fcec58f815b81c38682255b431759b0bde301139d8ba9cf
SHA3-384 hash: f309a98ce07883069fb75778ecf2c1325a3b2b2f76c1efe4725ccde9cc378623eee14f3231821bc2b1c0e92a366b47cf
SHA1 hash: bba668d5c069d77fcd6484476ae75451a0435623
MD5 hash: 13341f38b5ff390eda11d4b4565f959a
humanhash: mango-beer-sink-eighteen
File name: Request for quotation- Enquiry No55.rar
Signature: Formbook
File size: 549'579 bytes
First seen: 2020-10-20 08:33:15 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:nq2h186SpFduvQH1izBD4H9qTiSY1UqgmYlDh:nqfzEm2BuAeS0Upm6
TLSH: C5C423D0C95422BA5C263D374EAE90024F6A6EF1BB97CCC2487895DF04599D3CBE253B
Reporter: abuse_ch
Tags: FormBook rar


abuse_ch
Malspam distributing unidentified malware:

HELO: longsbs.com.vn
Sending IP: 180.214.238.214
From: "Le Thi Hang (Ms)" <hang.le@longsbs.com.vn>
Subject: Fw: Request for quotation- Enquiry No55
Attachment: Request for quotation- Enquiry No55.rar (contains "Request for quotation- Enquiry No55.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Swotter
Status: Malicious
First seen: 2020-10-20 03:26:38 UTC
AV detection: 11 of 29 (37.93%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar 0d427217c9a5df1b0fcec58f815b81c38682255b431759b0bde301139d8ba9cf

(this sample)

  
Delivery method: Distributed via e-mail attachment
