MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 805fa5e753e104c6076d9f912321cb766b3fc670794838882597ffd785989949. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 805fa5e753e104c6076d9f912321cb766b3fc670794838882597ffd785989949
SHA3-384 hash: f08fb1509ab0ed277e1f4a2da45bb2b57c12fcae61572381d4ede3f1d1a9a8940beda8bbc628ffca64108334fa60973f
SHA1 hash: 9239990312631ab79294464f48595c7c518d4381
MD5 hash: 5062c6bc19c0c3d13397d82277665a5d
humanhash: victor-tennessee-india-grey
File name:SOA.rar
Download: download sample
Signature Formbook
Create hunting rule
File size:526'926 bytes
First seen:2020-10-27 10:23:37 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:eA2tdAoqEiWs3tFVyPKgNT4VvUIE2fredbKOTLNXUqC1v:F2tv/ORVy0Vv6dbKQNkqC1v
TLSH 48B423FCCCB9F2F1189C74FE5B99BA6637941E47C655D1C86F1E85E9BA480C1AB20203
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: hosting.kenwaresolutions.com
Sending IP: 173.231.198.30
From: mr michael wu <kenixlau@maxims.com.hk>
Reply-To: Sudarsan.R@redact.co.in
Subject: Re:Revised statement of account
Attachment: SOA.rar (contains "SOA.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
97
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.21215.24369.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/805fa5e753e104c6076d9f912321cb766b3fc670794838882597ffd785989949/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-10-27 05:45:24 UTC
AV detection:
4 of 48 (8.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qbp2lz2t4ecmmb3nt6isgiolozvt7rtqpfedrcbfs775pbmytfeq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar 805fa5e753e104c6076d9f912321cb766b3fc670794838882597ffd785989949

(this sample)

Formbook

Executable exe 93094c96cb315b7457fcdc289cdbdf47876c98c1103bba45726bd1018e40cc30

  
Dropping
MD5 906fbb76a4c6ba70fe53142c2c176c40
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 93094c96cb315b7457fcdc289cdbdf47876c98c1103bba45726bd1018e40cc30

Comments