MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 648ac703482b256b1de4eda2da5ac3b1bdd900cb0c65a9deca11a0710d4e7807. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 4



SHA256 hash: 648ac703482b256b1de4eda2da5ac3b1bdd900cb0c65a9deca11a0710d4e7807
SHA3-384 hash: ee5616c51ed5d50fb949fedb3cc6ef4a1b05a45aead0bf3c1acf7f4e7e9bf1e8f4330038bf2d9f41c036316a91911ab5
SHA1 hash: 6ad4aed720e62ef6f3cb3a7827ec1cc717af508d
MD5 hash: e55feab9929faf3904d1861f99ec8298
humanhash: april-fillet-pluto-early
File name: NEW ORDER_PDF.rar
Signature: Formbook
File size: 198'325 bytes
First seen: 2021-03-22 07:32:47 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:sDDsKBSHKSAfwMgTtntcAUmGL6+Hz8eSX:sDwpq5wzpqAZi6+Hz8eSX
TLSH: 201412D15518FB6D2B08A16FF69E1CDCBBE72A225A99DA20A023FCD6FC305F5D710018
Reporter: abuse_ch
Tags: rar


abuse_ch
Malspam distributing unidentified malware:

HELO: host.blue-ex.com
Sending IP: 67.222.30.165
From: Pan Asian Marine(Shanghai) Corp., Ltd <tancc@richfield.com.sg>
Reply-To: tancc@richfield.com.sg
Subject: ***TOP URGENT***NEW ORDER QUOTATION
Attachment: NEW ORDER_PDF.rar (contains "NEW ORDER_PDF.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 123
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Spyware.Noon
Status: Malicious
First seen: 2021-03-22 07:33:57 UTC
AV detection: 10 of 47 (21.28%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar 648ac703482b256b1de4eda2da5ac3b1bdd900cb0c65a9deca11a0710d4e7807 (this sample)

Delivery method: Distributed via e-mail attachment
