MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3f7e84e602506931f1429c50dea18666d20851d26a083a7a8351d2360498dc66. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence 1 File information 4 Yara Comments

SHA256 hash: 3f7e84e602506931f1429c50dea18666d20851d26a083a7a8351d2360498dc66
SHA1 hash: 80df39d15f8cbfe5c529c851f90e1ec162674a3a
MD5 hash: ec5bdc1349ab1d1fbc5d952d080f1fbf
File name:RFQ.22.05.2020.rar
Download: download sample
Signature FormBook
File size:269'884 bytes
First seen:2020-05-22 13:55:02 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:lTvSg/b5yxfoWJitWLFSrbgwsohPhGMNg0t4Sa:lyxwW6WJSH33YMNg0t4Sa
TLSH AC44131DFAD75A9250185DFF0DEEEAFBA509FC7ECE45C916C1E78A24003AC8C0583926
Reporter @abuse_ch
Tags:FormBook rar


Twitter
@abuse_ch
Malspam distributing FormBook:

HELO: vmi339081.contaboserver.net
Sending IP: 62.171.133.25
From: Cang Sales Manager (MULTI SERVICE LLC) <info@movingcargologistics.com>
Reply-To: smulti996@yahoo.com
Subject: products inquiry
Attachment: RFQ.22.05.2020.rar (contains "RFQ.22.05.2020.exe")

Intelligence


Mail intelligence
Trap location Impact
Global Low
# of uploads 1
# of downloads 23
Origin country FR FR
ClamAV No detection
VirusTotal:Virustotal results 24.19%
ReversingLabs :No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 3f7e84e602506931f1429c50dea18666d20851d26a083a7a8351d2360498dc66

(this sample)

  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment

Comments