MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2ad7356305efb03bf2f5b8912e9c210cb4a09f21775ec3b2e104eaa1e543949c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 2



SHA256 hash: 2ad7356305efb03bf2f5b8912e9c210cb4a09f21775ec3b2e104eaa1e543949c
SHA3-384 hash: b8a0e0224657c694c9f736e558294363251b7c9fd7cebb854de5540ef1eb87b813a44d6068b844f0468b62beca586c9e
SHA1 hash: 5e84f02784d78a288c9db7b4d6267791c3eb37bd
MD5 hash: 0bcf585a056f4c40f42cbaabaf602fcf
humanhash: skylark-pluto-west-ack
File name: ORDERCONFIRMATION_PDF.arj
Signature: Formbook
File size: 640'813 bytes
First seen: 2020-10-23 06:58:36 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 12288:F/AI8z+pEqJGx3ikdAFldam09OE0EJVvQGzRSazYUAid9WDhhH7Sj2xllDsOEEs:F/AIU+j82Gm0VvbRRk/idwH+WlYOa
TLSH: 5ED423AD1D57EDA3744426AC5CCB62158BAFAA82DD02F7EDBD68C7D2B1D31407288433
Reporter: abuse_ch
Tags: arj FormBook


abuse_ch
Malspam distributing Formbook:

HELO: mx01-mpm-mz.clubnet.mz
Sending IP: 41.223.152.49
From: Seacon Ships Management Co.Ltd <seaman@seaconstar.com>
Reply-To: seaman@seaconstar.com
Subject: RE: Purchase order confirmation and proforma invoice..
Attachment: ORDERCONFIRMATION_PDF.arj (contains "ORDERCONFIRMATION_PDF.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 84
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

arj 2ad7356305efb03bf2f5b8912e9c210cb4a09f21775ec3b2e104eaa1e543949c (this sample)

Dropping: Formbook
Delivery method: Distributed via e-mail attachment
