MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 75f68c5368c39ccdf5449fbc375123a23558b71ae2d50779e23a7f4cffaa34d1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 75f68c5368c39ccdf5449fbc375123a23558b71ae2d50779e23a7f4cffaa34d1
SHA3-384 hash: 6b3e65ad60669df77d1b056d0961e2e08bcfc2fb5730115d1983f0ee09a685b159087d9fbcff4261ecfd4437aced3e0e
SHA1 hash: b29cb2119c463dfbd6360d5ba7d357558ec1fcc8
MD5 hash: 6d54ccb1a5c564c1b783586398c9486a
humanhash: oranges-lake-michigan-hawaii
File name: FYR.rar
Signature: FormBook
File size: 291'755 bytes
First seen: 2020-07-03 06:46:04 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:mMhkMGOrdQetOrGUjjd9W2tSN9xYZ/YBXa20JuiQ:N+OhoGqjdk2UN9xjF/
TLSH: D454233F4AC9C917812FA9E8A04EC4B72C1A7DC75E18FF82BB5C850323DA6045B8F655
Reporter: abuse_ch
Tags: FormBook, rar


abuse_ch
Malspam distributing FormBook:

HELO: mail.mauchle-se.ch
Sending IP: 77.72.177.23
From: PLB RFQ Secretariat <proc.secretariat@pos.com>
Subject: PNSL BERHAD- RFQ BOILER TUBES FOR MV POS LOGISTICS 2
Attachment: FYR.rar (contains "FYR.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 79
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Avemariarat
Status: Malicious
First seen: 2020-07-03 06:47:04 UTC
AV detection: 15 of 29 (51.72%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 75f68c5368c39ccdf5449fbc375123a23558b71ae2d50779e23a7f4cffaa34d1 (this sample)

  
Dropping: FormBook
Delivery method: Distributed via e-mail attachment
