MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 891decb763d0d03a7a486e0c8dccc1323b00153dc4b3df1e8172cc1f3c298844. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 891decb763d0d03a7a486e0c8dccc1323b00153dc4b3df1e8172cc1f3c298844
SHA3-384 hash: 94805b89782f41392b1aa2df6d90f9b54f2a81595c93487dc867dcf41ff49d7e1afc9bcffca1dd081886f990bd5c7d55
SHA1 hash: 284d2ebfdda0da153876bf973caca044ae5bea73
MD5 hash: 9fd14e9c12ef9fbea44e175a6418fb64
humanhash: music-twelve-orange-wolfram
File name:Shipment Approval.r03
Download: download sample
Signature Formbook
Create hunting rule
File size:765'865 bytes
First seen:2020-11-05 09:13:53 UTC
Last seen:Never
File type: r03
MIME type:application/x-rar
ssdeep 12288:2yKRkPHHtZf6/CQUqjejTTS2d+7JWJJhxKsv+bippZfcIyRfEvlVnj9OXiAojgQU:ekPH7f66QJbo+74JzIGZfc/fE9VnjcSm
TLSH 65F4231EB83B48BF0E1BAD3D7E0D15C263919192B315067A49C3EAA1D479D2C5A0DFF8
Reporter abuse_ch
Tags:FormBook r03


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: madengine.com
Sending IP: 103.141.138.124
From: Muhammad Billal Hossain <billal@madengine.com>
Subject: RE: SHIPMENT BOOKING
Attachment: Shipment Approval.r03 (contains "Shipment Approval.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/891decb763d0d03a7a486e0c8dccc1323b00153dc4b3df1e8172cc1f3c298844/
Threat name:
ByteCode-MSIL.Backdoor.NanoBot
Create hunting rule
Status:
Malicious
First seen:
2020-11-05 07:10:09 UTC
AV detection:
17 of 29 (58.62%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=reo6zn3d2didu6sinygi3tgbgi5qafj5ysz56hubolgb6pbjrbca._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

r03 891decb763d0d03a7a486e0c8dccc1323b00153dc4b3df1e8172cc1f3c298844

(this sample)

Formbook

Executable exe caae4001f524c83a5c3c3b7f7a56d3344d9de742eadbfc54bf3e7fda14354392

  
Dropping
MD5 0722600c8d39691ea633194c3cb38e67
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 caae4001f524c83a5c3c3b7f7a56d3344d9de742eadbfc54bf3e7fda14354392

Comments