MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7e765af2d1bf7c139df8fb2bb5eef1268b3cf356f7192f4f221c42104fad2a89. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: 7e765af2d1bf7c139df8fb2bb5eef1268b3cf356f7192f4f221c42104fad2a89
SHA3-384 hash: e89412ed41427881ee0aa2122cd000eca43f2b68bdb3dfe247918824697eb0c0eda0def2d1057e3672b327e23f2921fb
SHA1 hash: f22f673178001daa81d05181d888b6d9eee49851
MD5 hash: 9ddf2ece1aff252f23667546f359d4b7
humanhash: october-echo-nineteen-crazy
File name: Corona-virusCOVID-19vaccine.arj
Signature: Formbook
File size: 393'897 bytes
First seen: 2020-04-01 11:52:55 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 12288:lPLmnHWu6AHH+006yJgWEnm/r7Oz/v/C9:VnqH+00tJg/nm/XS69
TLSH: 0A84236AE7825619E3CBB3EB5404FB59DB55A8DCBD3F0A9F620414464BD0825370CA3F
Reporter: abuse_ch
Tags: arj COVID-19 FormBook


abuse_ch
COVID-19 themed malspam distributing FormBook:

HELO: ps.hostingenlaweb.com
Sending IP: 108.170.35.67
From: Dr. Stella WHO Asst <noreply@WHO.com>
Subject: Latest vaccine release for Corona-virus(COVID-19)
Attachment: Corona-virusCOVID-19vaccine.arj (contains "Corona-virus(COVID-19)vaccine.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 81
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-04-01 06:41:44 UTC
File Type: Binary (Archive)
Extracted files: 3
AV detection: 19 of 47 (40.43%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

arj 7e765af2d1bf7c139df8fb2bb5eef1268b3cf356f7192f4f221c42104fad2a89 (this sample)
Dropping: FormBook
Delivery method: Distributed via e-mail attachment
