MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9ca625542f416a17031fe5653006e2a849720f45c27bc161dd044a78753f795c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: 9ca625542f416a17031fe5653006e2a849720f45c27bc161dd044a78753f795c
SHA3-384 hash: 81d8b0d97c3e9a55cb3346c501dfb5e473cc5b24248cc97878cfc3434d9263ffed2563902a31452119e882c557eaec3c
SHA1 hash: ab16642cc4d17a35e96e88770bce1bbc8cd6c99a
MD5 hash: 456d8b0dec8ce16cb17820ec7285f046
humanhash: hamper-timing-item-mars
File name: Shipping Document PLBL Draft.r00
Signature: Formbook
File size: 255'683 bytes
First seen: 2021-01-15 07:09:24 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 6144:iuIsY8ptjaZk0a7acdk8VjO1qa8GhPxtsMqIAvtjITkQWm:VFYOcaOWidHiBIAvtj2h5
TLSH: FE44231C2BCDAEA347775760B5A22551C6DC6CACC883B363FCBDFB32065124056ADA62
Reporter: abuse_ch
Tags: DHL, FormBook, r00


abuse_ch
Malspam distributing Formbook:

HELO: cloudhost-2060988.uk-south-2.nxcli.net
Sending IP: 165.84.218.167
From: DHL Express INC <support@dhl.com>
Subject: Consignment Notification: You Have A Package With Us
Attachment: Shipping Document PLBL Draft.r00 (contains "Shipping Document PL&BL Draft.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 152
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Spyware.Noon
Status: Malicious
First seen: 2021-01-15 07:10:06 UTC
AV detection: 10 of 46 (21.74%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: Formbook, r00 9ca625542f416a17031fe5653006e2a849720f45c27bc161dd044a78753f795c (this sample)
Dropping: Formbook
Delivery method: Distributed via e-mail attachment

Comments