MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 89aa5382752a090329e0f8afed48989eda5a0755eb0a6f72150b11d22dcfcdb6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 89aa5382752a090329e0f8afed48989eda5a0755eb0a6f72150b11d22dcfcdb6
SHA3-384 hash: 58ed18cbf2e87d20c89236edf4379daafdd5c8939b8fc6910e4c37bfe99e1183c03ed36458730f20915ea2fa254a3fe5
SHA1 hash: 488594473afc65223e90d4f0f92273f2ddba9447
MD5 hash: 4f77022e59fa25fb02d990e8127cadf6
humanhash: oregon-eleven-cup-fillet
File name: quotation List 039.pdf.IMG
Signature: FormBook
File size: 395'264 bytes
First seen: 2020-07-10 09:16:16 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 6144:6lxQTtNzEhAtABDHoNfxtaX5mmDnrhpUwJ3MeVeE3vA2QZ75GIcboortWuj4:WAiBoNxt8mYrkVewE/AVkIctZ
TLSH: AB849D1CA552D10AF2B82BB197930A2C4E1A6CC93632A0177A7E3F5D7FBB3A13D05744
Reporter: abuse_ch
Tags: FormBook, img


abuse_ch
Malspam distributing FormBook:

HELO: dedicated.qinfotech.co.za
Sending IP: 160.119.102.217
From: Sales <shirley@sccw.co.za>
Subject: Quotation from Ramada Trading cc
Attachment: quotation List 039.pdf.IMG (contains "quotation List #039.pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 87
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Generic
Status: Malicious
First seen: 2020-07-10 09:18:06 UTC
AV detection: 14 of 29 (48.28%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

img 89aa5382752a090329e0f8afed48989eda5a0755eb0a6f72150b11d22dcfcdb6 (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
