MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5b3f1e4f2002d4582de37be0c1fb7614c7bf04ea20d2af3c37b8f8142c763593. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5b3f1e4f2002d4582de37be0c1fb7614c7bf04ea20d2af3c37b8f8142c763593
SHA3-384 hash: 89745d3a7d3030b9d332ed997520a12c94755e0c6aba3c6a5aeacbea992738e827ce54bd84d5311b87dc98a1cab5cbfa
SHA1 hash: 886846697da785ffbb71377d1662da6d64d678c9
MD5 hash: f70455f02a488a7282e29fb9e43c7bd7
humanhash: nine-august-winter-november
File name:20210111140930669.cab
Download: download sample
Signature Formbook
Create hunting rule
File size:605'410 bytes
First seen:2021-01-11 09:00:06 UTC
Last seen:Never
File type: cab
MIME type:application/vnd.ms-cab-compressed
ssdeep 12288:5F3epI+hUfANyZXCiwJyRd1Odzko3m1T2unJ1ccrs23LsNZIlKSp1ViTXY:5de+f7ZyiwJynyzG1/nTealzLiTXY
TLSH EDD423317BCBC85BEA6215DBDC569E672C97B880E8F73BE8E0D4F5899A8705201C2148
Reporter abuse_ch
Tags:cab FormBook geo KOR


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: mail-smail-vm87.hanmail.net
Sending IP: 211.231.106.162
From: 권성록 <kss0422000@hanmail.net>
Subject: 견적문의 드립니다.(권성록 입니다.)
Attachment: 20210111140930669.cab (contains "20210111140930669.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
126
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
UNKNOWN
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5b3f1e4f2002d4582de37be0c1fb7614c7bf04ea20d2af3c37b8f8142c763593/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lm7r4tzaalkfqlpdppqmd63wctd36bhkedjk6pbxxd4bildwgwjq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5b3f1e4f2002d4582de37be0c1fb7614c7bf04ea20d2af3c37b8f8142c763593

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

cab 5b3f1e4f2002d4582de37be0c1fb7614c7bf04ea20d2af3c37b8f8142c763593

(this sample)

Formbook

Executable exe 1b6a34ba043c45cfc63367a5a35d3c58b074d723c666d018b3c4c0d950e42b40

  
Dropping
MD5 55a9f49ac7b18c445a01aa766954a68d
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1b6a34ba043c45cfc63367a5a35d3c58b074d723c666d018b3c4c0d950e42b40

Comments