MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 254abf1ed9c57c481fbfc77ab9dd7cdbb0c14a94de129c74485976e728c9de50. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 254abf1ed9c57c481fbfc77ab9dd7cdbb0c14a94de129c74485976e728c9de50
SHA3-384 hash: 430670583f11e4e8aedff3bc54091bd6337843a83b815bfa0f0d64a3a1b218b90cf61be0563eae1fec913e57eef28557
SHA1 hash: a0dd94f3316d6ca07547e44b56a59f05294f8ede
MD5 hash: 78f4a65fc25a45def1dd8d2459361453
humanhash: undress-thirteen-minnesota-violet
File name:ORDER 0001.rar
Download: download sample
Signature Formbook
Create hunting rule
File size:2'950'745 bytes
First seen:2021-01-13 20:06:44 UTC
Last seen:2021-01-14 08:34:56 UTC
File type: rar
MIME type:application/x-rar
ssdeep 49152:hF9G9xccHXMii7pINzZuDNV+vCNwfZ/sZSco7jFtTHiJbD5dHSVTn0lNBG4/9tfV:fI96co7p2F4NAKNwBsGjATSVT0lNzzwI
TLSH 3CD533C5D0144BCCA4E274743EFDDC49F7BB48DAB4AFF579A6132016A88F8A67029C85
Reporter abuse_ch
Tags:rar


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: alone.com
Sending IP: 139.99.74.222
From: Molino San Paolo <gallo@molinosanpaolo.it>
Subject: ORDER 8809-0001
Attachment: ORDER 0001.rar (contains "BLESSINGS.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
140
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/254abf1ed9c57c481fbfc77ab9dd7cdbb0c14a94de129c74485976e728c9de50/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=evfl6hwzyv6eqh57y55ltxl43oymcsuu3yjjy5cilf3ookgj3zia._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/254abf1ed9c57c481fbfc77ab9dd7cdbb0c14a94de129c74485976e728c9de50

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar 254abf1ed9c57c481fbfc77ab9dd7cdbb0c14a94de129c74485976e728c9de50

(this sample)

Formbook

Executable exe d0b62e121a89ba8e44b4b71a887dd80df1e4fc746dabc200854622e9ed1fa8cb

  
Dropping
MD5 30cb872994e8a0a4a635b06bfbe38006
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d0b62e121a89ba8e44b4b71a887dd80df1e4fc746dabc200854622e9ed1fa8cb

Comments