MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8794751b785527783dc8206639012b0e891ddffb18f3ab906829a5b25cfaefcb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8794751b785527783dc8206639012b0e891ddffb18f3ab906829a5b25cfaefcb
SHA3-384 hash: bc9f679ba21d5c2d70f3633fa1f98e682b692e56e0addcfef0d6051a83d4ff0a7cc3e9e866836c6c2ec284c920511e18
SHA1 hash: 4f8f926eae112727907786bea2b2d66af9ab888e
MD5 hash: 5dec658ae9ef8d76228232ff00241a07
humanhash: avocado-pennsylvania-hydrogen-steak
File name:Demand_List.pdf ....
Download: download sample
Signature FormBook
Create hunting rule
File size:35'009 bytes
First seen:2020-08-12 14:36:01 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 768:uwEuqXKpsLYTdbQvfIK+ht/FosMzKj1MQYDOJKtCG9kzD:TEbDwdbQ4K+rMzKj1Mv6KtP9kzD
TLSH BBF2E14360E870E464F6A68B149F8F94DCD28DB1D6B7D5B03CBD2D343722516B2E2243
Reporter abuse_ch
Tags:FormBook Hostwinds


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: hwsrv-760084.hostwindsdns.com
Sending IP: 104.168.145.121
From: Md.Mohsin Chowdhury<info@hemoclan.com>
Reply-To: Md.Mohsin Chowdhury<dhczengs@gmail.com>
Subject: RE: Order List
Attachment: Demand_List.pdf .... (contains "Demand_List.pdf ...............................exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8794751b785527783dc8206639012b0e891ddffb18f3ab906829a5b25cfaefcb/
Threat name:
Win32.Trojan.Graftor
Create hunting rule
Status:
Malicious
First seen:
2020-08-12 14:37:06 UTC
AV detection:
7 of 48 (14.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=q6khkg3ykutxqpoiebtdsajlb2er3x73ddz2xedifgs3exh257fq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/8794751b785527783dc8206639012b0e891ddffb18f3ab906829a5b25cfaefcb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 8794751b785527783dc8206639012b0e891ddffb18f3ab906829a5b25cfaefcb

(this sample)

FormBook

Executable exe ddf6f04276c1d976e62e199e6c928fb7a3d7aaec455a1859f8d8f605c89ffc64

  
Dropping
MD5 08b493aea9c2a64cb995b938b8903355
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ddf6f04276c1d976e62e199e6c928fb7a3d7aaec455a1859f8d8f605c89ffc64

Comments