MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 35c243bb4544232b11415b4b5cd187c79777a6e515b9fc13ffe21df1080b0091. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: 35c243bb4544232b11415b4b5cd187c79777a6e515b9fc13ffe21df1080b0091
SHA3-384 hash: f27ea739a06128cf3ddd0981787a2c915096558a9049f8ae8b1ac920b1c1e39bd78f4fc3f9c7b3b76cc2cf9792ae7f45
SHA1 hash: 611a83d55ad809f8425b6712b9bbed51e50d990b
MD5 hash: 3bee1e2240b90bdb50527c8159697d8c
humanhash: apart-mississippi-timing-india
File name: RFQ.arj
Signature: Formbook
File size: 709'553 bytes
First seen: 2020-10-05 13:24:37 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 12288:2Qz9WBESCCJeVnQBjE8ulyjSevb8iz5t/3X4lOWXVSHXh8L1:5W+CARkljSevQizLXlWoH6L1
TLSH: 6CE4230F5F8071CDCB7E1A2A48EDDE2B85E74713AA40670ABEB46443BB7D40C09B595E
Reporter: abuse_ch
Tags: arj, FormBook


abuse_ch
Malspam distributing Formbook:

HELO: serve0.postalshipment.info
Sending IP: 192.119.92.221
From: Lena Al Yousaif <postalshipment.info>
Reply-To: vetpremm@gmail.com
Subject: Request For Quotation
Attachment: RFQ.arj (contains "RFQ.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 132
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2020-10-05 11:54:03 UTC
AV detection: 4 of 48 (8.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

arj 35c243bb4544232b11415b4b5cd187c79777a6e515b9fc13ffe21df1080b0091

(this sample)

Dropping: Formbook
Delivery method: Distributed via e-mail attachment
