MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5884f402b5435929e409287e6abc8509bfcd73bee1f0923fec93addb0d37e98e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 4



SHA256 hash: 5884f402b5435929e409287e6abc8509bfcd73bee1f0923fec93addb0d37e98e
SHA3-384 hash: 0be5625e0e1dba7581d6d8ff553df18e38925882fe2f122043a2337dfb62cc083b8b7dee6acd007ccbb083da1ec46ecc
SHA1 hash: 8da5ba43b91abbcd7084f67a51492d5756640820
MD5 hash: 227a6e9d186b2850da29d689fd74931f
humanhash: paris-triple-alaska-glucose
File name: Scan_medcal equipment sample_pdf.rar
Signature: FormBook
File size: 339'234 bytes
First seen: 2021-02-22 07:28:33 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:T+SVEtwOaGCUz2wC796X/Ko2OjIXeSDMPp6jAx8Kh39vgmpBEiWVbnGPPgK:T+qEwLw096XySIu4MPcM7vg5nGAK
TLSH: 547423A947510FBCC9E1BA71022D27CC914DE339FA7A8842707412AE3B6DBDF6D8191C
Reporter: abuse_ch
Tags: FormBook rar


abuse_ch
Malspam distributing FormBook:

HELO: core76.hostingmadeeasy.com
Sending IP: 66.219.22.41
From: Gulf Medical co ltd <gulfmed@gulfmedical.com>
Subject: Urgent Medical Equipment Order
Attachment: Scan_medcal equipment sample_pdf.rar (contains "Scan_medcal equipment sample_pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 116
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2021-02-22 07:29:19 UTC
AV detection: 22 of 48 (45.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 5884f402b5435929e409287e6abc8509bfcd73bee1f0923fec93addb0d37e98e

(this sample)

  
Dropping: FormBook
Delivery method: Distributed via e-mail attachment
