MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 357bf78b852e143d3c42f4444d52a7332493ad2b460d1f5a9792421a2cf8ee41. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 357bf78b852e143d3c42f4444d52a7332493ad2b460d1f5a9792421a2cf8ee41
SHA3-384 hash: 47edc13bfe39fea5870812ea2cb08df049fcf4d5540af76e42db1a17fc2d9ab9303b3a7a40e331761d306a556e471c01
SHA1 hash: d9f9b0e5ef50cab65793ddc0317787e7e511917f
MD5 hash: 27dc8e652d43309178ce044a6409ed0b
humanhash: pizza-finch-enemy-chicken
File name: MT SKY PHOENIX V-915-8227-3214_pdf.arj
Signature: FormBook
File size: 991'737 bytes
First seen: 2020-05-04 17:23:05 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 12288:1w5p6d6EvEkftRqkz5fi4s1zTu443nNQOEN8Ll9BNh2J18CnfttwYFinmSfVZPF:mPC6Eckrb1NsETuqTBiJuCnltjxy
TLSH: 2D253302A0A95A1FD4727439B3A105753BE90BC86CD964D9AD7DA2F1C2D3BE3D18C17C
Reporter: abuse_ch
Tags: arj, FormBook


abuse_ch
Malspam distributing FormBook:

HELO: vps-164633.systegron.com
Sending IP: 162.241.107.77
From: SEVEN SEAS SHIPPING CO., LTD. <noguchi@sevenseas.co.jp>
Reply-To: noguchl@sevenseas.co.jp
Subject: Re: REQUEST FOR QUOTATION //MT SKY PHOENIX// V.915 8227 3214
Attachment: MT SKY PHOENIX V-915-8227-3214_pdf.arj (contains "MT SKY PHOENIX V-915-8227-3214_pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 81
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-04 17:35:58 UTC
File Type: Binary (Archive)
Extracted files: 27
AV detection: 21 of 31 (67.74%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

arj 357bf78b852e143d3c42f4444d52a7332493ad2b460d1f5a9792421a2cf8ee41 (this sample)

  
Dropping: FormBook
Delivery method: Distributed via e-mail attachment
