MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 63eb81aab46fec3c461050bfa0031eb6a170681a54b32270f5741cf2a30fa724. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 63eb81aab46fec3c461050bfa0031eb6a170681a54b32270f5741cf2a30fa724
SHA3-384 hash: dcee005c94d83082657f556acc71999dbbbd783d8357b0055205a2e6fbde1322811638d5445ebfe1f6b611722500d29b
SHA1 hash: 4b6d33cf6a91147635c906cd345d641f6402afda
MD5 hash: 123048a77a426c783aeb9bca4f114304
humanhash: oscar-potato-black-equal
File name:필요한 목록 첨부.rar
Download: download sample
Signature Formbook
Create hunting rule
File size:261'991 bytes
First seen:2021-01-18 08:29:20 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:01pll4bCCMP8FYRUGAJ73OKAQgWM2yF7FNsGQPLn:07llo7k8FYvajHi2gFN4
TLSH C1442325BB03E9D8B3CD253AF31A1C2810CCDA527BF9B53AD01AA2D8D4677584797389
Reporter abuse_ch
Tags:FormBook geo KOR rar


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: alnassar.com.sa
Sending IP: 162.244.93.110
From: Kin <k.sehee@asi.or.kr>
Reply-To: k.sehee@asi.or.kr, enquiry@asi.or.kr
Subject: 필요한 목록 첨부
Attachment: 필요한 목록 첨부.rar (contains "ins.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
108
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/63eb81aab46fec3c461050bfa0031eb6a170681a54b32270f5741cf2a30fa724/
Threat name:
Win32.Trojan.Swotter
Create hunting rule
Status:
Malicious
First seen:
2021-01-18 05:40:08 UTC
AV detection:
12 of 46 (26.09%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mpvydkvun7wdyrqqkc72aay6w2qxa2a2kszse4hvoqopfiypu4sa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/63eb81aab46fec3c461050bfa0031eb6a170681a54b32270f5741cf2a30fa724

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar 63eb81aab46fec3c461050bfa0031eb6a170681a54b32270f5741cf2a30fa724

(this sample)

Formbook

Executable exe 9e15ebbf48baef0f33c9ceb2e69566ec71d77271270a65dc5a7cf19a450f1a62

  
Dropping
MD5 627e1b3240a17fdec14472db377f468b
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9e15ebbf48baef0f33c9ceb2e69566ec71d77271270a65dc5a7cf19a450f1a62

Comments