MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b4fae31798632173aa7e80616bbc7625e482f44ac082a3d07744ad0d19c9ff25. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook
Vendor detections: 4

SHA256 hash: b4fae31798632173aa7e80616bbc7625e482f44ac082a3d07744ad0d19c9ff25
SHA3-384 hash: 0dfbdb806826a4faeec176fdad04fd150712bd6598c85cda27cb4dc7c3a2f4b4ead053f6a9c1cacfd36ee260c3fa8579
SHA1 hash: 025ef427ebabc82cb140aff8b14ebb035e06c9fb
MD5 hash: f1475a5d600bc6199c9300abf15b98f1
humanhash: beer-pluto-utah-network
File name: PROFORMA INV98745654.PDF.r24
Signature: Formbook
File size: 281'432 bytes
First seen: 2020-07-29 12:53:22 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:qQQX5I9rHEVGKsykYQzUkn53osm4JMIWaodGCOE:qQN9rkVfshYQH1q4JMIWay
TLSH: CB542390AD8BEA63E4349232FF2C2C6EDC08901660F0EED9790578D7C75376C919B95B
Reporter: abuse_ch
Tags: FormBook, R24


abuse_ch
Malspam distributing Formbook:

HELO: albayrakbeton.com.tr
Sending IP: 45.90.222.242
From: Banu ALAKENT <banualakent@albayrakbeton.com.tr>
Subject: FW: We are sending oficial Proforma Invoice for Bank enclosed.
Attachment: PROFORMA INV98745654.PDF.r24 (contains "PROFORMA INV98745654.PDF.exe")
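The attachment in the report above pairs two filter-evasion tricks: a RAR volume named with a ".r24" extension (old-style WinRAR multi-volume naming, which extension-based attachment filters keyed on ".rar" often miss) wrapping a double-extension "*.PDF.exe" payload. The following is an added triage example, not code from MalwareBazaar or from abuse_ch: it identifies the container by magic bytes rather than by file name, flags RAR volumes whose name is not ".rar", and flags double extensions among the archive's listed entries. The sample bytes are a constructed RAR 4 header stub, not the real file, and the list of inner file names is assumed to come from the caller (e.g. the output of `unrar l`); every function and constant name is the example's own.

```python
import re

# Real RAR signatures: RAR 4.x and RAR 5.x volumes start with these bytes.
RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"

# Names WinRAR/unrar treat as RAR volumes. Old-style multi-volume sets use
# .r00, .r01, ... so a lone ".r24" still opens as RAR on the victim's machine
# while an attachment filter keyed on ".rar" never sees it.
RAR_VOLUME_EXT = re.compile(r"\.(rar|r\d{2})$", re.IGNORECASE)

EXECUTABLE_EXT = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse", "vbs", "hta", "dll"}
DOCUMENT_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "rtf", "txt", "jpg", "png"}

# Constructed stand-in for the attachment body (RAR 4 magic plus padding);
# NOT the bytes of the real sample on this page.
SAMPLE_BYTES = RAR4_MAGIC + b"\x00" * 16


def container_type(data: bytes) -> str:
    """Identify the container from its magic bytes, never from the file name."""
    if data.startswith(RAR5_MAGIC):
        return "rar5"
    if data.startswith(RAR4_MAGIC):
        return "rar4"
    if data.startswith(b"PK\x03\x04"):
        return "zip"
    return "unknown"


def double_extension(name: str):
    """Return (document_ext, executable_ext) for names like 'INVOICE.PDF.exe', else None."""
    parts = name.lower().rsplit(".", 2)
    if len(parts) == 3 and parts[1] in DOCUMENT_EXT and parts[2] in EXECUTABLE_EXT:
        return parts[1], parts[2]
    return None


def triage_attachment(name: str, data: bytes, inner_names):
    """Score one attachment.

    inner_names: file names listed from the archive by an external tool
    (assumption: the caller supplies them; the archive is not parsed here).
    """
    findings = []
    kind = container_type(data)

    # Extension says "RAR volume" but not ".rar": classic filter evasion.
    if RAR_VOLUME_EXT.search(name) and not name.lower().endswith(".rar"):
        findings.append(f"RAR volume with non-.rar extension: {name}")
    # Magic says RAR but the name does not look like a RAR volume at all.
    if kind in ("rar4", "rar5") and not RAR_VOLUME_EXT.search(name):
        findings.append(f"RAR magic under a non-RAR file name: {name}")
    if kind == "unknown":
        findings.append("unrecognised container magic")

    for inner in inner_names:
        de = double_extension(inner)
        if de:
            findings.append(f"double extension inside archive: {inner} ({de[0]} -> {de[1]})")
        elif inner.lower().rsplit(".", 1)[-1] in EXECUTABLE_EXT:
            findings.append(f"executable inside archive: {inner}")

    return {
        "container": kind,
        "findings": findings,
        "verdict": "suspicious" if findings else "clean",
    }


if __name__ == "__main__":
    # The names from the report above; the inner name is what the report says
    # the archive contains.
    result = triage_attachment(
        "PROFORMA INV98745654.PDF.r24",
        SAMPLE_BYTES,
        ["PROFORMA INV98745654.PDF.exe"],
    )
    print(result["verdict"], result["container"])
    for f in result["findings"]:
        print(" -", f)
```

Checking the magic bytes separately from the name matters in both directions: a ".r24" that is really a RAR volume is the case on this page, and a file that carries RAR magic under a harmless-looking name is the same trick in reverse.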

Intelligence


File Origin
# of uploads: 1
# of downloads: 73
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Swotter
Status: Malicious
First seen: 2020-07-29 12:55:06 UTC
AV detection: 6 of 48 (12.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: Formbook
rar b4fae31798632173aa7e80616bbc7625e482f44ac082a3d07744ad0d19c9ff25 (this sample)
Dropping: Formbook
Delivery method: Distributed via e-mail attachment

Comments