MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b456c3665355f35c5076f10f4c84a2e822d6a38b49237087f5d869d23805cc54. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b456c3665355f35c5076f10f4c84a2e822d6a38b49237087f5d869d23805cc54
SHA3-384 hash: 62fd3ba3e50b78a6e402fb12fd61ceddf6bda2b62185f591789a340b6d6b7a9f502ad4ef99fe1f2941a04fe76d030b8b
SHA1 hash: d12160046e98fa794ab127e178548d667e86e0bd
MD5 hash: d3550c32817db7eb64f694792776a004
humanhash: video-harry-failed-diet
File name:shippingdoc_pdf.arj
Download: download sample
Signature FormBook
Create hunting rule
File size:867'357 bytes
First seen:2020-05-25 12:47:23 UTC
Last seen:Never
File type: arj
MIME type:application/x-rar
ssdeep 24576:EjVfEC/b5IJlqlt1KPeSJ5JRlXBp86zvoZ/E3xOqtfv2MfEy:Er5IJ4ltCZx/d3A4fvhEy
TLSH 3E053387D8BEBBFEA668881A476406F35F0524BDB30ADD961A11535EE214E73C3C7E10
Reporter abuse_ch
Tags:arj FormBook


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: fm02.smd.vnn.vn
Sending IP: 14.225.227.10
From: frankylin@mail.coscotw.com.tw <trinien@maxplanning.vn>
Subject: RE:shipping documents M/V”EVER BEFIT
Attachment: shippingdoc_pdf.arj (contains "shippingdoc_pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27382.Rar5Heur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 13:37:02 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
27 of 48 (56.25%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

arj b456c3665355f35c5076f10f4c84a2e822d6a38b49237087f5d869d23805cc54

(this sample)

FormBook

Executable exe f43b908ae719e97419ad1ce856a7c4a519a5e01fc318725f693153b41aac3fda

  
Dropping
MD5 853a22ebcbfe7302e8296e215353982b
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f43b908ae719e97419ad1ce856a7c4a519a5e01fc318725f693153b41aac3fda

Comments