MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 21d262f859463a81194b9413df0e92001b0219aeafccaade063ee1c08b919bbe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 21d262f859463a81194b9413df0e92001b0219aeafccaade063ee1c08b919bbe
SHA3-384 hash: 3e4b8832e6308184cc8fde9042bc5d74d39f0e4f41cb63c734578912745aa131b110d91956758e5c1e3c2b83453ba996
SHA1 hash: 10457ffbc2fd31ebe3bad381541055df1b76cfad
MD5 hash: 5b68d432493edafebee1b3ffa4d36e65
humanhash: sodium-music-river-chicken
File name:SKM Teklif scanned.rar
Download: download sample
Signature Formbook
Create hunting rule
File size:2'980'657 bytes
First seen:2020-12-09 11:05:01 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 49152:bTBXZNrOL7YqrR+4TvqMVyB7OnoostZm6YkIctAfI+WA5NLFG+qLEuoNpagfka2d:3BXZUFN+4TKQooimJteG5vG+qLeagli/
TLSH 8ED533FB3319A2001AC6DBEF925F5BC527BE52A41820CD631E527F29D66FD4E42884DC
Reporter abuse_ch
Tags:FormBook geo rar TUR


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: racinformatica.infortelecomhosting.com
Sending IP: 84.246.211.222
From: Tolgahan KARAYEL <tkarayel@alfaglb.com>
Subject: SON HATIRLATMA!! vadesi gelen ödeme
Attachment: SKM Teklif scanned.rar (contains "proceed.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
190
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.13068.31179.UNOFFICIAL
Create hunting rule

Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/21d262f859463a81194b9413df0e92001b0219aeafccaade063ee1c08b919bbe/
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ehjgf6cziy5icgklsqj56dusaanqegnov7gkvxqgh3q4bc4rto7a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/21d262f859463a81194b9413df0e92001b0219aeafccaade063ee1c08b919bbe

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar 21d262f859463a81194b9413df0e92001b0219aeafccaade063ee1c08b919bbe

(this sample)

Formbook

Executable exe 4eeaba527b08d6bb416b12c6c2b7b4d559fceb65d0a7173839a63a74acc0f558

  
Dropping
MD5 eb87faad8a3257ed0639fe97aa137150
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4eeaba527b08d6bb416b12c6c2b7b4d559fceb65d0a7173839a63a74acc0f558

Comments