MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8c219a602699e90b36fee07846dde9ff44a93fad6b60512b6604d43f1254e1e5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 8c219a602699e90b36fee07846dde9ff44a93fad6b60512b6604d43f1254e1e5
SHA3-384 hash: 629b89e4cb0026b0502d815018f9adc71d8d6edcd526c6d7096fa64d14f262709c7278a810f2a9c1d39458a62f84f67a
SHA1 hash: 3b60b63f96e4ab5efdcae1695bd6ca8a4d069236
MD5 hash: 3d76662b8e2d5d21fa226fcc020b58a8
humanhash: artist-texas-autumn-snake
File name: Inquiry Lists.rar
Signature: FormBook
File size: 238'357 bytes
First seen: 2020-05-20 08:44:33 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:xIJCygNTnPml6FgPXEZlOjo+8PaF03U4BiFXrQmxdy:0gZPZYClOsiO3UndrQmxI
TLSH: BF34231F2F30828D67DF1FA9156E9550EF3B00FA81A6B86E3C1B7689E454F2E6521CC0
Reporter: abuse_ch
Tags: FormBook rar


abuse_ch
Malspam distributing FormBook:

HELO: aktywizacja.com.pl
Sending IP: 94.100.28.181
From: Arnout <handel@aktywizacja.com.pl>
Reply-To: handel@aktywizacja.com.pl
Subject: Inquiry
Attachment: Inquiry Lists.rar (contains "Invoice.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 82
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Noon
Status: Malicious
First seen: 2020-05-20 09:36:12 UTC
File Type: Binary (Archive)
Extracted files: 2
AV detection: 13 of 30 (43.33%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 8c219a602699e90b36fee07846dde9ff44a93fad6b60512b6604d43f1254e1e5 (this sample)

  
Dropping: FormBook
Delivery method: Distributed via e-mail attachment
