MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7069936f40fca7c573d2423584820ade796e886acdf17e9efbe3fc83c3beceb6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 7069936f40fca7c573d2423584820ade796e886acdf17e9efbe3fc83c3beceb6
SHA3-384 hash: 44646201fbb18bac1b430b9f97f4f0771beff1b74e095425931716881693e237923d659fdfee6f01a15579f04d5d2e7a
SHA1 hash: 4a5380cda404df7d4455129f4b6909e4b6d1ba07
MD5 hash: 06591aedd5184314357c0c8baa7458cc
humanhash: eight-alpha-cold-illinois
File name: QUOTATION.LZH
Signature: FormBook
File size: 382'167 bytes
First seen: 2020-06-29 07:18:50 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:WBTqByUV0t59ATt3mbnMbUgtS3yXV9jr3AQGEpiR0UI3pMiFzuswV1k6Em:WUBdm5WtwMwiXrrgUhui9wV1Ym
TLSH: 318423BE7CA983E991D2CCC8A51E08546446C5AEDFA126CF1FC5684C623C6AFC531793
Reporter: abuse_ch
Tags: FormBook, lzh


abuse_ch
Malspam distributing FormBook:

HELO: slot0.tiantuct.com
Sending IP: 45.95.169.92
From: PMRG LTD<info@tiantuct.com>
Reply-To: fra_white33@yahoo.com
Subject: QUOTATION
Attachment: QUOTATION.LZH (contains "QUOTATION.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.PonyStealer
Status: Malicious
First seen: 2020-06-29 07:20:06 UTC
AV detection: 17 of 29 (58.62%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 7069936f40fca7c573d2423584820ade796e886acdf17e9efbe3fc83c3beceb6

(this sample)

  
Dropping: FormBook
Delivery method: Distributed via e-mail attachment
