MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4716b0e1a2f17b304b1b6e90b0e7c8f2dfb87deaf33ea9bda3ca546953f5d29a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: 4716b0e1a2f17b304b1b6e90b0e7c8f2dfb87deaf33ea9bda3ca546953f5d29a
SHA3-384 hash: f6f6d692b9b9172dc872978d5b7a55d456aa335095e940ea2860d4a06c303ee3174fb5374640fc3a78fa58374aa305a3
SHA1 hash: 5bfdd36377970616d364caaf06249d9c9863f314
MD5 hash: 4f1b1cd8a9db5f3c483dce67bd32c7b3
humanhash: blue-seventeen-cold-robert
File name: payment delay.r00
Signature: Formbook
File size: 605'415 bytes
First seen: 2020-11-10 08:47:45 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 12288:i3VjIjEMjcDxAvDRMNHhBF4jIWpCrSNqWsZUCum6wimhBywJ:iVIexAvVMN/F4jIWErSNqhSCumWwJ
TLSH: 85D4234DA721CBFE4EFAE7B64B870FB8D1160A4CF946D0469A8B5C99CFFD590B442018
Reporter: abuse_ch
Tags: FormBook r00


abuse_ch
Malspam distributing Formbook:

HELO: arnimech.com
Sending IP: 103.133.107.14
From: grb@arnimech.com
Subject: Reason for payment delay.
Attachment: payment delay.r00 (contains "payment delay.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Bulz
Status: Malicious
First seen: 2020-11-09 23:57:55 UTC
AV detection: 7 of 48 (14.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

r00 4716b0e1a2f17b304b1b6e90b0e7c8f2dfb87deaf33ea9bda3ca546953f5d29a (this sample)

Dropping: Formbook
Delivery method: Distributed via e-mail attachment
