MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 452d492a2c16a00692ee46024d317cb88f36a06ba858b656e3a175828b393407. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 452d492a2c16a00692ee46024d317cb88f36a06ba858b656e3a175828b393407
SHA3-384 hash: 15e1d492ccf565da965ed75faa92d9a73e907b8b1eeb27df4be1d8bec1ad7d029e5efc7603e5c149f203ed4a1f8a03f8
SHA1 hash: 75ef1afc698ffd8bc259786aba62613c138aee84
MD5 hash: e9b29bc0038e931bbe53ab53c9249222
humanhash: nebraska-magnesium-illinois-don
File name:YFAI Tender drafts.gz
Download: download sample
Signature Formbook
Create hunting rule
File size:239'093 bytes
First seen:2020-05-27 06:57:20 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 6144:KbjxhzV+LhqcmyhSDsSxp+JLr6eUZC2zpgHlnzPA9Ri9:KbjPD/yhWv+xr7UXUVPA9I9
TLSH 28342212533FADDB16962B56FE747DFDBC4B4C1920E48E88B68C9CE3A13788015E7808
Reporter abuse_ch
Tags:FormBook gz


Avatar
abuse_ch
Malspam distributing Formbook:

From: "Marc Weinmann" <marc.weinmann@vem-ltd.com>
Subject: RE: project from YFAI m
Attachment: YFAI Tender drafts.gz (contains "YFAI Tender drafts.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Formbook
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 07:14:46 UTC
File Type:
Binary (Archive)
Extracted files:
8
AV detection:
14 of 30 (46.67%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

gz 452d492a2c16a00692ee46024d317cb88f36a06ba858b656e3a175828b393407

(this sample)

Formbook

Executable exe 2b62f1799021ec3671db2883f808f73b3ba1970abb8c76eff529f2b32250c333

  
Dropping
MD5 655df684fc05572dad326fe54004624c
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2b62f1799021ec3671db2883f808f73b3ba1970abb8c76eff529f2b32250c333

Comments