MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b0155e4e413d4a45e1a255861740a24f1c6ac1f0dc521f63750ce8de45257439. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b0155e4e413d4a45e1a255861740a24f1c6ac1f0dc521f63750ce8de45257439
SHA3-384 hash: b307ced4454e519f08d417e8a54c3569739ce318cc03a130759b7dec16fd752ce00882bd5c06a4d828cfc9fce514de52
SHA1 hash: babb7eb78a123e787bb095dedfe9c901868c8371
MD5 hash: e92a573a75ac0c9ab28a1f4b5fec6197
humanhash: single-colorado-quebec-illinois
File name:ORDER 172IKL0153094.rar
Download: download sample
Signature Formbook
Create hunting rule
File size:646'080 bytes
First seen:2020-12-28 07:54:52 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:meQI50f/f7G+KG63+7rcIx7ggfkraIoL+pWTcoHs7QxezO3pMlg:mS5Qn7G+KDOPn7gJloI4VHs7pOZMlg
TLSH DFD42328173476AD7CD85700C2612D98F1EC288EB76A8F584F6EDE884F4ADF5C92434D
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: coimtra.cam
Sending IP: 111.90.159.197
From: Rachel, Choi <Choi@coimtra.cam>
Subject: AW: AW: AW: ORDER 172IKL0153094 # 2020-0806
Attachment: ORDER 172IKL0153094.rar (contains "ORDER 172IKL0153094.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
203
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b0155e4e413d4a45e1a255861740a24f1c6ac1f0dc521f63750ce8de45257439/
Threat name:
Win32.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2020-12-28 07:55:06 UTC
AV detection:
8 of 48 (16.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wakv4tsbhvfelynckwdboqfcj4ogvqpq3rjb6y3vbtun4rjfoq4q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/b0155e4e413d4a45e1a255861740a24f1c6ac1f0dc521f63750ce8de45257439

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar b0155e4e413d4a45e1a255861740a24f1c6ac1f0dc521f63750ce8de45257439

(this sample)

Formbook

Executable exe fda9bc94b5b0819fb153117c4a037262264d7d22d2610eafd45c7fbfd4765c7b

  
Dropping
MD5 f4679cfd74418e90d5343137f769c2cc
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 fda9bc94b5b0819fb153117c4a037262264d7d22d2610eafd45c7fbfd4765c7b

Comments