MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5a210134e29386d69131a7d54c33f2d316bd5982e02263d8775eef65238ef5e0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: 5a210134e29386d69131a7d54c33f2d316bd5982e02263d8775eef65238ef5e0
SHA3-384 hash: f875624a87156a28c3f2de476c225d2d84903524f69b38abfad5c2e2d7f39e1786b93312afea8467196e6603de75946f
SHA1 hash: 0d699f2fbc2efa9a6cc5e365013c25e179870be8
MD5 hash: 6596ff9cf166b2a5c9b682d1f27cf14f
humanhash: kansas-mirror-arkansas-bulldog
File name: Order Specifications With RefBreveT0326B96.7z
Signature: Formbook
File size: 573'889 bytes
First seen: 2020-12-03 17:43:13 UTC
Last seen: Never
File type: 7z
MIME type: application/x-rar
ssdeep: 12288:kpN2UjCFDlrcdlpDYatqSVwhtSOG8dAb+NPaWrDtjnP:kuUjirc1DYatqmoZPaWlDP
TLSH: 53C42302CDB01A7EA2624502839101ED37DC3799557A9B2857333FA8DA6C8CEB95D3F7
Reporter: abuse_ch
Tags: 7z FormBook


abuse_ch
Malspam distributing Formbook:

HELO: irest.pt
Sending IP: 51.210.39.162
From: Breve-Tufvassons sp. z o. o.<breve.pl@hotmail.com>
Subject: Re:RFQ Request for New Quotation With Refrence: Breve#T036B96
Attachment: Order Specifications With Ref BreveT0326B96.7z (contains "Order Specifications With Ref Breve#T0326B96.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 221
Origin country: n/a
Vendor Threat Intelligence
Result: Gathering data
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2020-12-03 17:44:25 UTC
AV detection: 5 of 46 (10.87%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

7z 5a210134e29386d69131a7d54c33f2d316bd5982e02263d8775eef65238ef5e0 (this sample)

Dropping: Formbook
Delivery method: Distributed via e-mail attachment
