MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b9fd15e85d0dacada609ac5e5635cd8714200e9f539b1f9df4750ba4f3586654. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 4



SHA256 hash: b9fd15e85d0dacada609ac5e5635cd8714200e9f539b1f9df4750ba4f3586654
SHA3-384 hash: 8dfd63abbfdf1ca1b1c143078bdd9847524db57026594389dd4848d81e40756f01de913c5f9e9a6a9036010a56f35b3b
SHA1 hash: 109c6652160a093d962aad381b0c4ce01220d991
MD5 hash: 8b971dc4876ae5a49d953f6bb8a38d87
humanhash: uranus-lactose-violet-quiet
File name: QI0DXH8l8W.rar
Signature: Formbook
File size: 383'425 bytes
First seen: 2021-03-01 07:27:44 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:KKVXoYWjOLykYX9/nd6aV7X4cWNZaE4HcEwtMH6a7Sa3ELaYp5:PC35X9d6aVkIHcEhteEELaYr
TLSH: 6F84237F95E65D0B2A3C3AD3B0868C164B22F79CE3D76568E48047D258A16F3230D7DA
Reporter: abuse_ch
Tags: rar Yahoo


abuse_ch
Malspam distributing unidentified malware:

HELO: sonic303-19.consmr.mail.ir2.yahoo.com
Sending IP: 77.238.178.200
From: martin palmkvist <martin.palmkvist9byggtill@yahoo.se>
Subject: : Fwd: Wire Transfer Payment
Attachment: QI0DXH8l8W.rar (contains "aQnaI0DXH8l8WfB.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 117
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Spyware.Noon
Status: Malicious
First seen: 2021-03-01 07:28:18 UTC
AV detection: 8 of 48 (16.67%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar b9fd15e85d0dacada609ac5e5635cd8714200e9f539b1f9df4750ba4f3586654 (this sample)

Delivery method: Distributed via e-mail attachment
