MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 94428a043bf7444907313b0aaacedd245ca1a753db2fd0c268037f59c6d93002. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 5



SHA256 hash: 94428a043bf7444907313b0aaacedd245ca1a753db2fd0c268037f59c6d93002
SHA3-384 hash: 35e219fb31d0fe6a8ef188e85f5097a6700b375a753e172c88cb14024e5ec8c826e4687375451bd52e6b0bc401b6ed4d
SHA1 hash: e397f51129ccaa4d6fe402fe0cda7cfeefdba8c4
MD5 hash: 75d9448f6884550dca51581765dce439
humanhash: network-nevada-violet-hydrogen
File name: RFQ 541120421.pdf.IMG
Signature: Formbook
File size: 1'245'184 bytes
First seen: 2021-04-12 06:14:15 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:xMGTkPvCLhm6nDabAKCcXjcgMuwS2T8Xo2i10Ol/:uGAP+hnDCAKbjxFWgXh
TLSH: FC451216F623D8D8FE53317A5AB69E220F31B46B9426594C308DB3257F53322406BAF7
Reporter: abuse_ch
Tags: FormBook img


abuse_ch
Malspam distributing unidentified malware:

HELO: tenda.cn
Sending IP: 58.250.161.62
From: marketing@tenda.cn <marketing@tenda.cn>
Subject: RFQ 541120421
Attachment: RFQ 541120421.pdf.IMG (contains "PO5411.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 119
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: ByteCode-MSIL.Spyware.Solmyr
Status: Malicious
First seen: 2021-04-12 06:15:18 UTC
AV detection: 6 of 48 (12.50%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

img 94428a043bf7444907313b0aaacedd245ca1a753db2fd0c268037f59c6d93002 (this sample)

Delivery method: Distributed via e-mail attachment
