MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7ff386b3dd75b25214575a0f1edcc46f2a4125de304cecbf3ce85333df8a21c9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7ff386b3dd75b25214575a0f1edcc46f2a4125de304cecbf3ce85333df8a21c9
SHA3-384 hash: a7af7440e6c5f029c375bbdb4d1d700d5c55e358726954f8fa730eb36c432ef16020e85480e87523eb552e87383e1a5d
SHA1 hash: 493f96b3c46a122dd70e97b243f0c5fb5f73fb33
MD5 hash: 8bb77f4fc6ab9cec265ab2ea0b294b2e
humanhash: washington-magazine-salami-arkansas
File name:Details here.rar
Download: download sample
Signature Formbook
Create hunting rule
File size:813'818 bytes
First seen:2021-01-18 08:21:53 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 24576:aY/coEfG25fKLWywVF3nBHzmU7nFuLKFqP+:aY/0GISoFRHa8uLeX
TLSH 0A05330460579AF2E8E404F9BEF1307A4A8931677F9C91C4ECAD425A0B74AF7F62D217
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: win04-mail.zth.netdesignhost.com
Sending IP: 150.95.29.34
From: Mrs Anita <bookings@thetouchgreen.com>
Reply-To: asqhopeland8@gmail.com
Subject: Re: Inquiry
Attachment: Details here.rar (contains "Details here.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
100
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7ff386b3dd75b25214575a0f1edcc46f2a4125de304cecbf3ce85333df8a21c9/
Threat name:
Win32.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2021-01-18 08:22:15 UTC
AV detection:
6 of 45 (13.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=p7zynm65owzfefcxlihr5xgen4vecjo6gbgozpz45bjthx4keheq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/7ff386b3dd75b25214575a0f1edcc46f2a4125de304cecbf3ce85333df8a21c9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar 7ff386b3dd75b25214575a0f1edcc46f2a4125de304cecbf3ce85333df8a21c9

(this sample)

Formbook

Executable exe 67710323c3dd7ba7cc04081512bdb304b4d7edd72975f2891c1f5893fdb75a8a

  
Dropping
MD5 a952c15d26e8b87cce83c842f9c56d71
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 67710323c3dd7ba7cc04081512bdb304b4d7edd72975f2891c1f5893fdb75a8a

Comments