MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 17f1b0effe0171ddaa01408540a12c6dee022526c139580f6b373bf91cf51370. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 17f1b0effe0171ddaa01408540a12c6dee022526c139580f6b373bf91cf51370
SHA3-384 hash: c9dae80a495fd701ff489f155547eb58aa99035ed17b31f4ee50020b813e9b55beb90cea618c679716777fcad822e66f
SHA1 hash: 74d0849763f4332324440ba34e6fe358cf193780
MD5 hash: 1dfc9c9c7d5bc50fc3814f68d5c9182e
humanhash: vegan-solar-equal-berlin
File name:payment COPY.rar
Download: download sample
Signature Formbook
Create hunting rule
File size:2'910'812 bytes
First seen:2021-01-13 20:14:26 UTC
Last seen:2021-01-14 07:50:29 UTC
File type: rar
MIME type:application/x-rar
ssdeep 49152:rpQoqirDsFF8YSnZQwrgkDJGFB9Ae+99kTGSncjnlbzGWNAZ4K0m9zxcJ:rVsmlrJJGFBhs2GSncLlb6WS4Ky
TLSH DBD533D6DA29702C683F2CF974CE4F41A48EA8D2344E3199E1D643EB553A728F5E450B
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: alone.com
Sending IP: 139.99.74.222
From: Molino San Paolo <gallo@molinosanpaolo.it>
Subject: TT REMITTANCE $176,200.00
Attachment: payment COPY.rar (contains "HOPEFUL.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
155
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/17f1b0effe0171ddaa01408540a12c6dee022526c139580f6b373bf91cf51370/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-01-13 17:08:00 UTC
AV detection:
4 of 29 (13.79%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=c7y3b376afy53kqbiccubijmnxxaejjgye4vqd3lg457shhvcnya._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/17f1b0effe0171ddaa01408540a12c6dee022526c139580f6b373bf91cf51370

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar 17f1b0effe0171ddaa01408540a12c6dee022526c139580f6b373bf91cf51370

(this sample)

Formbook

Executable exe 7c8f873fc34661a785875f76a1f3b1aff6719e69d2a4ea5d2d94f849282b623a

  
Dropping
MD5 9c15af175868121cc014666189d52dae
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7c8f873fc34661a785875f76a1f3b1aff6719e69d2a4ea5d2d94f849282b623a

Comments