MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 98bac2fc2a83a1cc73fd3741bed7ca4b79d9c7167b3d04ef476047f3900bf854. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 98bac2fc2a83a1cc73fd3741bed7ca4b79d9c7167b3d04ef476047f3900bf854
SHA3-384 hash: fa618a971a54329196fa8df46bb4956593286bdd743d41dd2b62f015e8ae8cd148557b5068ee8338f55df1a25af60c5a
SHA1 hash: 90d9a9669756b91acbbc29678597d4ddf6d8e844
MD5 hash: 0a1ae4066b33f1203e4847ec034bfde4
humanhash: table-bacon-tennis-one
File name: Inquiry.gz
Signature: FormBook
File size: 479'011 bytes
First seen: 2020-05-07 06:50:36 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 12288:wiCLXJJNvYXK1iz9SmKzXZa6ZRgc1yY+ThZZ:49wa1A9XKa6ZRnyDZZ
TLSH: B6A423F3EF48DE59BC5115342D1DC3BB66E649FB40A28A4187490AE0EB947BF9E25C0C
Reporter: abuse_ch
Tags: FormBook gz


abuse_ch
Malspam distributing FormBook:

HELO: trinity-global.pw
Sending IP: 173.82.255.125
From: Badrinath Naikwadi <director@trinity-global.pw>
Reply-To: franccmcleather@gmail.com
Subject: Inquiry
Attachment: Inquiry.gz (contains "Inquiry.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 83
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Inject
Status: Malicious
First seen: 2020-05-07 07:36:50 UTC
File Type: Binary (Archive)
Extracted files: 21
AV detection: 16 of 31 (51.61%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

gz 98bac2fc2a83a1cc73fd3741bed7ca4b79d9c7167b3d04ef476047f3900bf854

(this sample)

  
Dropping: FormBook
Delivery method: Distributed via e-mail attachment
