MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 79afae656c9ef2b1fbcafff00b70315b618750dae628ed54811ecc661841fe13. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 79afae656c9ef2b1fbcafff00b70315b618750dae628ed54811ecc661841fe13
SHA3-384 hash: 360999294dbd44ba9e52bf691bdc59310d3a48cb0c9555fc5d18fdb84c9181d030fe77974b892b2d53827c791756270a
SHA1 hash: b18fc17463352b998c072fbbb388d2663f441ce2
MD5 hash: 157a843195c1f8ac325f73ddd25f0970
humanhash: paris-dakota-bulldog-maine
File name:MV TONG SHUN APPOINTMENT TERMS AND CONDITIONS_pdf.rar
Download: download sample
Signature FormBook
Create hunting rule
File size:729'152 bytes
First seen:2020-06-10 06:19:51 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:x1dlD6k/2kYw9qXGHORYg1IIXLRMvb7s+n/Do3KtKPjlKM2CH1/6vI45rrTJz:xrgE2cDHgpNMvb9DokKNDpk5Nz
TLSH 0CF4334B28F7E33603B44833C839999557BEBF057442B7C476B1EC2BB8A6F4164166E0
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: mail.emsbd.com
Sending IP: 202.40.181.229
From: PT. Transcoal Pacific <zakki@transcoalpacific.com>
Reply-To: zakki@transcoalpacific.com
Subject: MV TONG SHUN -VOY#095/ETA JUNE 16 - AM/ AGENCY APPOINTMENT
Attachment: MV TONG SHUN APPOINTMENT TERMS AND CONDITIONS_pdf.rar (contains "MV TONG SHUN APPOINTMENT TERMS AND CONDITIONS_pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Predator
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 06:21:06 UTC
AV detection:
19 of 31 (61.29%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pgx24zlmt3zld66k77yaw4brlnqyoug24yuo2vebd3ggmgcb7yjq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 79afae656c9ef2b1fbcafff00b70315b618750dae628ed54811ecc661841fe13

(this sample)

FormBook

Executable exe 5ea5c833b683610be48142f34c9f8c98ab8f987b9aee34f1e7ed6d1c8567075f

  
Dropping
MD5 3610f8e60ed5cffb2ab57bbf86b287fc
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5ea5c833b683610be48142f34c9f8c98ab8f987b9aee34f1e7ed6d1c8567075f

Comments