MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 76948cb535db1fb73f8590d79042396daa8c3e21718fe74179a35d693fa7b795. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 76948cb535db1fb73f8590d79042396daa8c3e21718fe74179a35d693fa7b795
SHA3-384 hash: 95f383ff92d857de4292289d406b68c31c413662b790a9cefd5501d8f2a15457593505c4aaf20c2c804ba11a31bfb6fa
SHA1 hash: bc352a215cf891afccfa9ad8086b5b50a5c0e889
MD5 hash: e806b4b10ba537fd79119ecc36e2834e
humanhash: nitrogen-lithium-idaho-glucose
File name:New order pdf.rar
Download: download sample
Signature Formbook
Create hunting rule
File size:194'716 bytes
First seen:2021-01-06 16:08:58 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 3072:drhjdbDw3wZm+2pd7rdu5mUVV+/uoq5kl1xSQpmyASh3/LBRGKI2xW3IbXoIVjoc:d9B8+GdQAZq5knok3TBRGKI47oPB9y
TLSH EF1423F4ADA3162CF6113B9BB8CAF81B28018834CE16933F447493D92DA1C66DF76356
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: mail.123host.iq
Sending IP: 185.76.34.219
From: Kumar,Mehmet <sales@ydgls.com>
Reply-To: tac.tacky@mail.com
Subject: AW:New Order
Attachment: New order pdf.rar (contains "inv.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
172
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/76948cb535db1fb73f8590d79042396daa8c3e21718fe74179a35d693fa7b795/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-01-06 10:30:05 UTC
AV detection:
9 of 46 (19.57%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=o2kiznjv3mp3op4fsdlzaqrznwviyprbogh6oqlzunowsp5hw6kq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/76948cb535db1fb73f8590d79042396daa8c3e21718fe74179a35d693fa7b795

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar 76948cb535db1fb73f8590d79042396daa8c3e21718fe74179a35d693fa7b795

(this sample)

Formbook

Executable exe 9161b2162e26e06de573d2314ef3d6cec389bfc240c33a9bce7f5b1e13c7b703

  
Dropping
MD5 d1b3e55a7d0384f350b6e11f0f7f1f4b
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9161b2162e26e06de573d2314ef3d6cec389bfc240c33a9bce7f5b1e13c7b703

Comments