MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 17860814e8bd76c17950f886ad9de46cea5d891c4144f7e47f1a64d990e152c1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 17860814e8bd76c17950f886ad9de46cea5d891c4144f7e47f1a64d990e152c1
SHA3-384 hash: 70898fade33bf72202106cbf8bea811e72b77a5bb6d2605f708f6debb94f0fe1f89fa2ca4a0557f380127e51b741a5ea
SHA1 hash: 7bcbd64e6a0020967d3881baec989eaecb19606f
MD5 hash: fb111186a13baae8436018acb8f85c7f
humanhash: kansas-violet-don-edward
File name: doc094.rar
Signature: FormBook
File size: 251'375 bytes
First seen: 2020-06-06 10:01:05 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:Q5I0rsYr0TAtYTtNpOlouJzDqgIUPDAgD2:Qa0P0NNp5usgJrHD2
TLSH: 20342276840CDDF985B11F8701729B768326BC2CE5942EE4D0D9C46B26AE28790633FF
Reporter: abuse_ch
Tags: FormBook rar Yahoo


abuse_ch
Malspam distributing FormBook:

HELO: sonic305-21.consmr.mail.sg3.yahoo.com
Sending IP: 106.10.241.84
From: COMMERCIAL TRADING <trading.commercial@yahoo.com.sg>
Subject: FW: Payment Transfer
Attachment: doc094.rar (contains "doc094.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Swotter
Status: Malicious
First seen: 2020-06-06 07:38:27 UTC
AV detection: 13 of 28 (46.43%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 17860814e8bd76c17950f886ad9de46cea5d891c4144f7e47f1a64d990e152c1 (this sample)

  
Dropping: FormBook
Delivery method: Distributed via e-mail attachment
