MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 874c3142c4d45e713e7bd45984880f53b4f13af883bda8071b2dc9df8201364d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 874c3142c4d45e713e7bd45984880f53b4f13af883bda8071b2dc9df8201364d
SHA3-384 hash: 0bd7064098edf564bc4dfa7e8bba5212c6912f7ace20304577e4725ad081df505941a31184a414ee8d0a635deb77a1f9
SHA1 hash: ecf493b8480e1d34117bbad54e681cf480f8d33d
MD5 hash: 641e654b854a76c1a9ddc6cbbb5b7cc7
humanhash: may-neptune-black-table
File name: New Order.pdf.rar
Signature: FormBook
File size: 432'632 bytes
First seen: 2020-07-09 12:15:01 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:pA1wblwwBLwAAhzGaPNFy2JOl0PI+q0D8XiFF2o63vs+5n0vh3+Y6aKjXLDfHgry:pJblw/RLFpWsyZLvs+OuYWjXLDKnys6
TLSH: 8B942353F9009D142A82A5E9F0050CA8795FA6CDCA34507B47728D52FC5166F7ECAFF2
Reporter: abuse_ch
Tags: FormBook rar


abuse_ch
Malspam distributing FormBook:

HELO: server.beeinspire.com
Sending IP: 115.124.125.172
From: Prakash International Pvt. Ltd. <raj@prakashchemicals.com>
Subject: Quotes on your specified products
Attachment: New Order.pdf.rar (contains "New Order")

Intelligence


File Origin
# of uploads: 1
# of downloads: 71
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Masslogger
Status: Malicious
First seen: 2020-07-09 12:16:13 UTC
AV detection: 14 of 29 (48.28%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 874c3142c4d45e713e7bd45984880f53b4f13af883bda8071b2dc9df8201364d (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
