MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a75fbdeb8922f5dd2819017b83fd10f2d13968a40f761ef939f77180a6a9d908. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a75fbdeb8922f5dd2819017b83fd10f2d13968a40f761ef939f77180a6a9d908
SHA3-384 hash: 3e77ee3ac3940342f2b4f62f8da818d62a7f89d54327aab88a75bbb4cf1a79852c5adce2145c04a246383ec836cecc7b
SHA1 hash: d73d8433b20ba50f3bdbfb781e797618970c1fe5
MD5 hash: f60f9d356d0432ddd34bcd2515fd560f
humanhash: crazy-sweet-robert-triple
File name:QUOTATION.rar
Download: download sample
Signature Formbook
Create hunting rule
File size:388'480 bytes
First seen:2020-10-27 12:28:12 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:C1p0jMGe+zFhALIEZJ+FFGNoJQoiXN5A88E/utzKAPsbZyvgoGPtJ1ETyjaY1ypr:2p0hALISoFGYQoiMNtOvZDPtyyjOF2Yt
TLSH E48423687E55A139324C5F6E0AE61ED122ED49C371A409247F76CB2B98B243CCBE3717
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing unidentified malware:

From: "高静" <gj@mascube.com>
Subject: RE: Quote and price list request
Attachment: QUOTATION.rar (contains "Quotation-pdf-file.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
107
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a75fbdeb8922f5dd2819017b83fd10f2d13968a40f761ef939f77180a6a9d908/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-10-27 02:15:48 UTC
AV detection:
7 of 47 (14.89%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=u5p3324jel252kazaf5yh7iq6lits2feb53b56jz65yybjvj3eea._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/a75fbdeb8922f5dd2819017b83fd10f2d13968a40f761ef939f77180a6a9d908

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar a75fbdeb8922f5dd2819017b83fd10f2d13968a40f761ef939f77180a6a9d908

(this sample)

Formbook

Executable exe 395af6b7f6bc4e92938f11552d83d444b18e27708796de86396b91c3898adec4

  
Dropping
MD5 f066aab0356d73c85654cbcf5c763a78
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 395af6b7f6bc4e92938f11552d83d444b18e27708796de86396b91c3898adec4

Comments