MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8b91b37932414c4dea8ec42245f43959e00f635e4ebc4da721edab13d286db27. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8b91b37932414c4dea8ec42245f43959e00f635e4ebc4da721edab13d286db27
SHA3-384 hash: d47d328140e646f8c63d96aa44391197d8e479df31f127aa2bc26566c2cf04701866df77a1263c111616f02097aac56b
SHA1 hash: 1bae194280e130eaaca8d5a41087788fb636ce22
MD5 hash: a9d172167411b8531c29b102b393fdee
humanhash: ohio-georgia-skylark-tennis
File name:REQUEST FOR QUOTATION.rar
Download: download sample
Signature Formbook
Create hunting rule
File size:235'376 bytes
First seen:2020-05-26 10:47:42 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:9Fi0D1Y5W4K/xNpnuZiGod8Y+7ijJheIMOoGEjb:1D1gQTtKK+kh11Mb
TLSH 4A3413716BF2423A0A4E9F9A2243D1DD61FCFFD5355337A4D642162B3B8640AB60C9E3
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: vps.galennou.com
Sending IP: 45.95.169.43
From: Sanja Momirović <info@galennou.com>
Subject: FWD: REQUEST FOR QUOTATION
Attachment: REQUEST FOR QUOTATION.rar (contains "Order 260520.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Formbook
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 11:37:02 UTC
File Type:
Binary (Archive)
Extracted files:
8
AV detection:
16 of 30 (53.33%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar 8b91b37932414c4dea8ec42245f43959e00f635e4ebc4da721edab13d286db27

(this sample)

Formbook

Executable exe 3ebe7729fe5d80990333d4c0255af3b23e4ec2c1f61b9ea563eeb3e050943735

  
Dropping
MD5 384455ed03ed57222ef2b6b7fe0dbedd
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3ebe7729fe5d80990333d4c0255af3b23e4ec2c1f61b9ea563eeb3e050943735

Comments