MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 58d5495c7ea46fb657fdaf591698d93665f9846c77cf0e2033fb4205dd6302f9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 58d5495c7ea46fb657fdaf591698d93665f9846c77cf0e2033fb4205dd6302f9
SHA3-384 hash: 55b004b0963906776159aac973461afcac4b80808645610dc188de1e77425ad202c2706c04d3cf7f6d2c739110fd7403
SHA1 hash: affe4de08f27fe5925fa9fc8c97c5c8f22a9501a
MD5 hash: 21f00468a0ec7e50fa61d9a64c9d4b85
humanhash: nine-eleven-twelve-skylark
File name: documents.r03
Signature: FormBook
File size: 299'926 bytes
First seen: 2020-07-07 09:06:19 UTC
Last seen: Never
File type: r03
MIME type: application/x-rar
ssdeep: 6144:zCiQVVgrDj4oWkvzEm4H9u3XFZPnTMWXSjx4nPfdNpBdFa6FOKhfP:zMXADEoZZXvPnlXSjSflPplfP
TLSH: F3542306C0199CE1228748B9E3E3A7213BE3014DE5A2D5177EAC8A746563F036F6DBCD
Reporter: abuse_ch
Tags: FormBook r03


abuse_ch
Malspam distributing FormBook:

HELO: checkpt.com
Sending IP: 103.125.191.31
From: Jasim Uddin <Jasim.Uddin@checkpt.com>
Subject: Delivery Notice
Attachment: documents.r03 (contains "documents.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Spyware.Negasteal
Status: Malicious
First seen: 2020-07-07 09:08:05 UTC
AV detection: 15 of 29 (51.72%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

r03 58d5495c7ea46fb657fdaf591698d93665f9846c77cf0e2033fb4205dd6302f9 (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment

Comments