MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3d204ec45c6f5568a3133795ca6e1622514ba7267e543155d16f2df83a835d8b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: 3d204ec45c6f5568a3133795ca6e1622514ba7267e543155d16f2df83a835d8b
SHA3-384 hash: a4a73ab7d937038b50a9254caba8593a1863989fbf28c9d6b11a97da2ce561e3b3520d13a152cde447422128bcbc00ba
SHA1 hash: 200d051b4a47c75c613daa3a481f62fc53854daf
MD5 hash: b951f812a495f446e18e75b62d5eaf0f
humanhash: network-mango-stream-alpha
File name: BBC Raise, Thorco Reef and BBC Regalia.pdf.arj
Signature: Formbook
File size: 751'304 bytes
First seen: 2020-06-16 05:37:13 UTC
Last seen: 2020-06-16 09:04:11 UTC
File type: arj
MIME type: application/x-rar
ssdeep: 12288:/u3EbJHvjuT5qLD5MmDXkspT4Zpjam/f80YnfsFSVTsCKGZpl0R2BZh0+Zv/yO:W3WjjlMmDXkGUjaGk0YUAtsOZMk5J
TLSH: FDF4235081037C32983AE88C5E51D5D4EBB959C89F754ECCDCA457EEE20EF1502AEAF4
Reporter: abuse_ch
Tags: arj FormBook


abuse_ch
Malspam distributing Formbook:

HELO: mail.emsbd.com
Sending IP: 202.40.181.229
From: ChinPhil Marine Services <s.juaniza@chinphil-marine.com>
Reply-To: s.juaniza@chinphil-marine.com
Subject: 3 R TYPE VESSELS BBC Raise, Thorco Reef and BBC Regalia afloating repair at shipyard
Attachment: BBC Raise, Thorco Reef and BBC Regalia.pdf.arj (contains "BBC Raise, Thorco Reef and BBC Regalia_pdf.exe")

Intelligence


File Origin
# of uploads: 2
# of downloads: 66
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.AitInject
Status: Malicious
First seen: 2020-06-16 05:39:02 UTC
AV detection: 15 of 48 (31.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

arj 3d204ec45c6f5568a3133795ca6e1622514ba7267e543155d16f2df83a835d8b (this sample)

Dropping: Formbook
Delivery method: Distributed via e-mail attachment

Comments