MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a3aa28d96664fc95cf9b74941b6c0015e5c3d18dd5efcee33e1dd1773aa3316d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 3


SHA256 hash: a3aa28d96664fc95cf9b74941b6c0015e5c3d18dd5efcee33e1dd1773aa3316d
SHA3-384 hash: eab72047e7e26f9cfafc4b9dc7630e9210a3affa3f7538abb894bb4f2dfa5df362ffee3574ad1850720c1cc6ce0940ae
SHA1 hash: 277f10e1fd66665ee3fd03f3c21572c98c54fc5f
MD5 hash: c6954abe475309997c919af83a0cf3eb
humanhash: moon-summer-july-equal
File name: PO.9758752img.rar
Signature: Formbook
File size: 313'796 bytes
First seen: 2020-06-10 07:38:09 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:fvCb9LZmAQ8GP8eRhOHONxs2OiV8xd3xH6IxZ2o+6LRaCyMj2GQYLj1bzZIxpi8B:XCbnQ1EIsHO02OEQ3xHT2o+6N3yMKv6k
TLSH: CD64230EB2BB0261EDFD74954461057A3DFBE4E00E9CA3AE1CFADC1980BC5627921B09
Reporter: abuse_ch
Tags: FormBook rar


abuse_ch
Malspam distributing Formbook:

HELO: smtp76.iad3a.emailsrvr.com
Sending IP: 173.203.187.76
From: ase.dinajpur-b@olympicbd.com <ase.dinajpur-b@olympicbd.com>
Subject: REQUEST FOR QUOTATION
Attachment: PO.9758752img.rar (contains "H2pjyhEAKkZfHdt.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 58
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Backdoor.NanoCore
Status: Malicious
First seen: 2020-06-10 07:40:05 UTC
AV detection: 16 of 31 (51.61%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
  Formbook
    rar a3aa28d96664fc95cf9b74941b6c0015e5c3d18dd5efcee33e1dd1773aa3316d (this sample)
      Dropping: Formbook

Delivery method: Distributed via e-mail attachment

Comments