MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c4c2b15e69a6e5b1d25a9139b57fc1e04561f8b6bb8f1a7aa9d0379229b55b69. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c4c2b15e69a6e5b1d25a9139b57fc1e04561f8b6bb8f1a7aa9d0379229b55b69
SHA3-384 hash: 9f458cf1892f2402c1fcb3ec77edbdfd98af1db9aa673ee1a2862daa0cdc553827c63953f2a597e39d7ff0d61f3ca490
SHA1 hash: ff0b370524a62b7af90b06c086821b5762c34e9c
MD5 hash: 311859bc9ad2c8fa56169e890c0c2cb3
humanhash: king-snake-emma-king
File name:RFQ.arj
Download: download sample
Signature Formbook
Create hunting rule
File size:575'478 bytes
First seen:2020-10-20 08:33:03 UTC
Last seen:Never
File type: arj
MIME type:application/x-rar
ssdeep 12288:z3/CZYKhRVDlcvfq3wOCRfiK6bOorej5vZATmwLSeqHyOQ/J:zPC1hvD2vfRFRfv6EZAymqHyOQ/J
TLSH 9FC423E458676E79FF252FA1F850BCCA9644C982F23EE7D40A7365509314D33B9A82CC
Reporter abuse_ch
Tags:arj FormBook


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: server.miyoshi.biz
Sending IP: 111.235.136.178
From: Natalya Povolnova <office@infintetadeltd.com>
Reply-To: sjrkintluea@gmail.com
Subject: Request For Quotation(Urgent)
Attachment: RFQ.arj (contains "RFQ.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c4c2b15e69a6e5b1d25a9139b57fc1e04561f8b6bb8f1a7aa9d0379229b55b69/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ytblcxtju3s3dus2se43k76b4bcwd6fwxohru6vj2a3zeknvlnuq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/c4c2b15e69a6e5b1d25a9139b57fc1e04561f8b6bb8f1a7aa9d0379229b55b69

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

arj c4c2b15e69a6e5b1d25a9139b57fc1e04561f8b6bb8f1a7aa9d0379229b55b69

(this sample)

Formbook

Executable exe 03c78086d04631f011e45da72afc76354452b162c58447b6ee2edc75c15e18dd

  
Dropping
MD5 79e6f99a25e5491a1bb7d44fcdd788fd
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 03c78086d04631f011e45da72afc76354452b162c58447b6ee2edc75c15e18dd

Comments