MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c3d4659044daaa9c7fc65d0697a2d6c09662427edc249e843fe60d153fd72926. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 2



SHA256 hash: c3d4659044daaa9c7fc65d0697a2d6c09662427edc249e843fe60d153fd72926
SHA3-384 hash: a573ec8c7dda44d421bfaed543eb796a9de76a7c1449ea3a4543d366bb9ba0b13032641d047492e974ca5dfa7340168a
SHA1 hash: 9a84fbfcd589f69f94869f57d6e4ffda349cd3d0
MD5 hash: fe59e45ad62aa9934c035e3ddd170a81
humanhash: florida-september-colorado-chicken
File name: profoma invoice.arj
Signature: Formbook
File size: 228'902 bytes
First seen: 2020-05-21 19:20:21 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 3072:+LSXcRgc8vxj5zOsHODeK95wQCPJks71L3Cz1wPrIPw3VblDmOc/uFidA9V:6SXcUvJQWAP9Cv3CxwP0w1lKOceidA9V
TLSH: A12423FCDE9D4A0293D9900B813F0935DBFEB591FA040A285B963E5CD943AD7D2D1C2A
Reporter: abuse_ch
Tags: arj FormBook


abuse_ch
Malspam distributing Formbook:

HELO: ilezoni.pw
Sending IP: 173.82.238.171
From: Sales & Marketing. <info@ilezoni.pw>
Subject: Invoice
Attachment: profoma invoice.arj (contains "profoma invoice.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Noon
Status: Malicious
First seen: 2020-05-21 19:35:46 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 16 of 30 (53.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

arj c3d4659044daaa9c7fc65d0697a2d6c09662427edc249e843fe60d153fd72926 (this sample)

Dropping: Formbook
Delivery method: Distributed via e-mail attachment
