MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a91ab955dd1d84bd1adf8486a0699904beb6dbab3e995ee6b85cc1feb4971cfd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a91ab955dd1d84bd1adf8486a0699904beb6dbab3e995ee6b85cc1feb4971cfd
SHA3-384 hash: 8becd0264a68c530157a9ecc698d8bd8c6bc4b09e2b2f00bb4bff62fa0cba293b22cc0a3f5563fe52bcb84ad4f42e547
SHA1 hash: 9dee5dd5dcf91bb17b5e7a38bc98e325eeb8ecbe
MD5 hash: 64ac1f5fc97bbad80c42fdcc6a953c05
humanhash: oranges-moon-island-bluebird
File name:HSBC Payment Advice.arj
Download: download sample
Signature FormBook
Create hunting rule
File size:279'062 bytes
First seen:2020-06-16 13:52:58 UTC
Last seen:Never
File type: arj
MIME type:application/x-rar
ssdeep 6144:jm0jMLp6h1yPW37D1iuTpyOBSXY6/c2CT3pB47njD1vK1fVjlLEHa:jm47yu37D0uTpyPXvcdTXEjJvg9lo6
TLSH 0A5423A72B94FE5DE57C41369733B0909396FD238E9E1E5090B2C26FB0CA1C66B44B74
Reporter abuse_ch
Tags:arj FormBook HSBC


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: 162-241-215-146.unifiedlayer.com
Sending IP: 162.241.215.147
From: HSBC Advising Service <info@hsbc.com>
Subject: Payment Advice - Ref: [HSBC1057025201] / Priority Payment / Customer Ref: [PI107057QT20]
Attachment: HSBC Payment Advice.arj (contains "HSBC Payment Advice.bat")

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-06-16 13:54:07 UTC
AV detection:
6 of 48 (12.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=venlsvo5dwcl2gw7qsdka2mzas7lnw5lh2mv5zvylta75nexdt6q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

arj a91ab955dd1d84bd1adf8486a0699904beb6dbab3e995ee6b85cc1feb4971cfd

(this sample)

FormBook

Executable exe c222cf8e45e1fa3f41b9c4215cef0d671693fe83e6a0a5964fde2e9504a38c5e

  
Dropping
MD5 d39ede0a7bca00ae2189ee2d7cd751f4
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c222cf8e45e1fa3f41b9c4215cef0d671693fe83e6a0a5964fde2e9504a38c5e

Comments