MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7983dba8ad5b0e2c711b758db8806fa7aed062acbca35826101d889570c82493. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7983dba8ad5b0e2c711b758db8806fa7aed062acbca35826101d889570c82493
SHA3-384 hash: e3bf9fa4e933eb170497c0acbb3eb7eedba015093a0471497e4b59ebf46a1a8de9ae3bcdab951416758ee71ad4057b49
SHA1 hash: 35e2e6b418baf18643685cac8f8f1a04ae09f991
MD5 hash: f1fb26b2d0d3a12ee0f00dbebf99976b
humanhash: high-illinois-speaker-carbon
File name:Proforma Invoice.rar
Download: download sample
Signature FormBook
Create hunting rule
File size:430'821 bytes
First seen:2020-07-08 07:01:20 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:yUm1wc4cZQQs/OwE2dHt4BjpJJGPd//1ND:5pcpZLYOwE21t4HidXfD
TLSH 2B9423987A1DA6FFE02CA13CCF9F185EFF3596C7A5A40C7222B0D4AE6C5469004211FB
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: truegreen-cn.cam
Sending IP: 111.90.140.74
From: Export@truegreen-cn.cam <Export@truegreen-cn.cam>
Subject: RE: RE: INVOICE DOOSAN - DBC130S/110S
Attachment: Proforma Invoice.rar (contains "Proforma Invoice.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27502.Rar5Heur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7983dba8ad5b0e2c711b758db8806fa7aed062acbca35826101d889570c82493/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-07-08 07:03:04 UTC
AV detection:
31 of 48 (64.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pgb5xkfnlmhcy4i3owg3radpu6xnayvmxsrvqjqqdwejk4giesjq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 7983dba8ad5b0e2c711b758db8806fa7aed062acbca35826101d889570c82493

(this sample)

FormBook

Executable exe ba988eeaeef4b7e706308c40094dd0fe2146918e0386565cc2a14243e3f0aa69

  
Dropping
MD5 4e8e670607976e809e5a2bee204e183a
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ba988eeaeef4b7e706308c40094dd0fe2146918e0386565cc2a14243e3f0aa69

Comments