MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 30b26893371cf9294044ee21b14993ca51578be22d196eb24b0fcb3125cc8dab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: 30b26893371cf9294044ee21b14993ca51578be22d196eb24b0fcb3125cc8dab
SHA3-384 hash: 5c751d3bebf7c14a659eacff5147db242f0233108f70a77fb03bea1b5c658b3922af3e543a8f5dc1bde3782970593d4b
SHA1 hash: e5015ec1dde6ecd8e40c7e4b51cf64484f4b4213
MD5 hash: b435c732fcd0e578b52203a0adb5d31e
humanhash: mango-jig-may-kilo
File name: New order pdf.rar
Signature: Formbook
File size: 194'908 bytes
First seen: 2021-01-06 07:28:21 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 3072:h9+kFqqHy692+gLRmVh7xne9EnpO96pUYLhhEDC8lZulHBatvdO1WBDN68:D+kFY6kQhw+pO96pUihED5OaZv9N68
TLSH: F414122D79A037E56BB2E8A91394693B8758120C19B33DC3057F3CC2165BE7D712616E
Reporter: abuse_ch
Tags: FormBook rar


abuse_ch
Malspam distributing Formbook:

HELO: mail.123host.iq
Sending IP: 185.76.34.219
From: Kumar,Mehmet <sales@ydgls.com>
Reply-To: tac.tacky@mail.com
Subject: AW:New Order
Attachment: New order pdf.rar (contains "inv.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 142
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win64.Packed.Generic
Status: Suspicious
First seen: 2021-01-06 07:29:10 UTC
AV detection: 14 of 46 (30.43%)
Threat level: 1/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar 30b26893371cf9294044ee21b14993ca51578be22d196eb24b0fcb3125cc8dab (this sample)

Dropping: Formbook
Delivery method: Distributed via e-mail attachment
