MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6c7faf09a08c8837c181446a3aeaafb4be317613532f913e6624267e07453230. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6c7faf09a08c8837c181446a3aeaafb4be317613532f913e6624267e07453230
SHA3-384 hash: fca23e9598ad381e5aab3b3dd6b3c0490c7fb58a6d5b7297a1c84b7b712670eca15e9434f73f440656aaf7271cf24f2c
SHA1 hash: 0c9779f78929afff0ef53b22e63a6eb9df5a0224
MD5 hash: 7e8107df33e1965bec43bbc0fd1a2d1e
humanhash: chicken-orange-echo-harry
File name:000021.r00
Download: download sample
Signature FormBook
Create hunting rule
File size:965'976 bytes
First seen:2020-08-17 19:00:21 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 24576:eC1JNGGbEieAzGPIb8VxkyzuCYU+O157zWkap+/O:eC1PhCPIIknCJ+O1p1m
TLSH 192523F68E01369E25C455EFDF3F1680D0B18D70BDA7AACA69077ABC022139167906F7
Reporter abuse_ch
Tags:FormBook r00


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: xv20.513.pinotvineryms.cf
Sending IP: 157.245.108.244
From: Jose Sanchez Calanche <merchandiser2@gemtexltd-bd.com>
Subject: Transmission Approved
Attachment: 000021.r00 (contains "000021.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6c7faf09a08c8837c181446a3aeaafb4be317613532f913e6624267e07453230/
Threat name:
Win32.Trojan.Vasal
Create hunting rule
Status:
Malicious
First seen:
2020-08-17 10:53:05 UTC
AV detection:
10 of 47 (21.28%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=nr726cnarsedpqmbirvdv2vpws7dc5qtkmxzcptgeqth4b2fgiya._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/6c7faf09a08c8837c181446a3aeaafb4be317613532f913e6624267e07453230

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

r00 6c7faf09a08c8837c181446a3aeaafb4be317613532f913e6624267e07453230

(this sample)

FormBook

Executable exe 9cd4df25010125f2ef3eeef44503b3c2b58435af758fe7213d053a60f018f3d8

  
Dropping
MD5 e1982141c06e7fab8f93001329630edb
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9cd4df25010125f2ef3eeef44503b3c2b58435af758fe7213d053a60f018f3d8

Comments