MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aa3a6c0efb81498bfda5ebc1319154af99114b3184a9dffd5924e778b25b1ab9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	aa3a6c0efb81498bfda5ebc1319154af99114b3184a9dffd5924e778b25b1ab9
SHA3-384 hash:	51a817216fca1c7ece3c9530d0fe1c32425816d8017e9bd3b494dacc24b5134ce8c5d57b8f4752dbd685d804df6ca02f
SHA1 hash:	242c0f565ef343f4390b3090fcd1480ae07d50c1
MD5 hash:	aa4728fc8d920e596570904225ffaeca
humanhash:	florida-cold-yellow-oscar
File name:	doc094.exe
Download:	download sample
Signature	FormBook Create hunting rule
File size:	353'280 bytes
First seen:	2020-06-06 10:01:08 UTC
Last seen:	2020-06-06 10:46:16 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
ssdeep	6144:B4E3XF/y2gXXNiBfcKEiBg58TPKdVmQS5xE1CfhsAnYg:B4o/y2gX9iBfcKECbTmVmNxACfhp
Threatray	22 similar samples on MalwareBazaar
TLSH	3974D082EFF5A64EC16A4AFB51EB481D03227D60943DCA8E7DB03CF012367495A6177E
Reporter	abuse_ch
Tags:	exe FormBook Yahoo

abuse_ch

Malspam distributing FormBook:

HELO: sonic305-21.consmr.mail.sg3.yahoo.com
Sending IP: 106.10.241.84
From: COMMERCIAL TRADING <trading.commercial@yahoo.com.sg>
Subject: FW: Payment Transfer
Attachment: doc094.rar (contains "doc094.exe")

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.LuheFihaA.22604.229.UNOFFICIAL

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Swotter

Status:

Malicious

First seen:

2020-06-06 04:02:27 UTC

AV detection:

25 of 31 (80.65%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=vi5gydx3qfeyx7nf5patdekuv6mrcszrqsu577kzettxrms3dk4q._file

Verdict:

unknown

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 17860814e8bd76c17950f886ad9de46cea5d891c4144f7e47f1a64d990e152c1

FormBook

exe aa3a6c0efb81498bfda5ebc1319154af99114b3184a9dffd5924e778b25b1ab9

(this sample)

Dropped by

MD5 fb111186a13baae8436018acb8f85c7f

Delivery method

Distributed via e-mail attachment

Dropped by

SHA256 17860814e8bd76c17950f886ad9de46cea5d891c4144f7e47f1a64d990e152c1

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample