MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4becafe8d2b0793ae916d3a3a0d0e59d92408cb0e75640fbcaa6affafa2aca2b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4becafe8d2b0793ae916d3a3a0d0e59d92408cb0e75640fbcaa6affafa2aca2b
SHA3-384 hash: a1f0f06b67598cefe88e65320b94bb946cf0f273a62f088a6345e448c66a4a46c97245f16e1d1fe0ba6127da0087921f
SHA1 hash: de80880d1dc3eaff3bd1d7f7a68217021d2f896b
MD5 hash: 64dd604d05335508c3e7f23fba5fe2ce
humanhash: september-may-two-arizona
File name:umbrella.r00
Download: download sample
Signature Formbook
Create hunting rule
File size:359'102 bytes
First seen:2020-10-14 15:16:10 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 6144:peWbduMoWp01KCY3o+cD2tMSM8y8ZF9Z8ZN86lHQrwjnYTMyubrv79D3yjsn:peMGWy1E3RcquSDdZF0N86ZHjnoMTwK
TLSH 9B7423C38BC27D3B4E601A927D36AB79CBAA4C44F54687822D6057C9275D35331BEE32
Reporter abuse_ch
Tags:FormBook Outlook r00


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: EUR06-AM7-obe.outbound.protection.outlook.com
Sending IP: 40.92.16.74
From: Aurelien Rinadi<beau.nuagee@hotmail.com>
Subject: Order for Umbrella
Attachment: umbrella.r00 (contains "p027639.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.589.8865.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4becafe8d2b0793ae916d3a3a0d0e59d92408cb0e75640fbcaa6affafa2aca2b/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-10-14 08:28:34 UTC
AV detection:
3 of 48 (6.25%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jpwk72gswb4tv2iw2or2buhftwjebdfq45leb66ku2x7v6rkzivq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/4becafe8d2b0793ae916d3a3a0d0e59d92408cb0e75640fbcaa6affafa2aca2b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

r00 4becafe8d2b0793ae916d3a3a0d0e59d92408cb0e75640fbcaa6affafa2aca2b

(this sample)

Formbook

Executable exe 5c5f5e9cd06c7c7da03edfc2cd3dd6d45cfdcb5fe1b8e1fbb26fa63c264eb3b6

  
Dropping
MD5 ac1b7bad52fe685636ade99c1c206f97
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5c5f5e9cd06c7c7da03edfc2cd3dd6d45cfdcb5fe1b8e1fbb26fa63c264eb3b6

Comments