MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c5cee15e954a874f584c63652da213b2621127f95466f1382bece4776d6d5b18. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c5cee15e954a874f584c63652da213b2621127f95466f1382bece4776d6d5b18
SHA3-384 hash: edf6a3281843899c98adde46307e0a5229625f4be31423384ee5f85fd3549e6a3605dd8832ed136bee23d1a856cf6334
SHA1 hash: f2827c2cd5c51e3e9c46da64f4af81c4feda8f9a
MD5 hash: 9fe4f46954a4bc33c6edf2119ee5fc36
humanhash: oklahoma-eighteen-green-blossom
File name:Request For Quotation.r00
Download: download sample
Signature Formbook
Create hunting rule
File size:417'860 bytes
First seen:2020-10-20 08:24:39 UTC
Last seen:2020-10-20 09:43:49 UTC
File type: r00
MIME type:application/x-rar
ssdeep 12288:Qr5h06JtoO6ODdtJkatpLhKXEVjqNevkn:606XopODdtJhpNNqakn
TLSH B99423A0081B27ABFB4CC020219D5FA29F505E79489EBDE2327FEC57141DBCAC4E6995
Reporter abuse_ch
Tags:FormBook r00


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: schwabe.gr
Sending IP: 103.141.138.124
From: Maria Moraitou <info@schwabe.gr>
Subject: Re: RFQ2739
Attachment: Request For Quotation.r00 (contains "Request For Quotation.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Rogue.0hr.20201021-0740.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c5cee15e954a874f584c63652da213b2621127f95466f1382bece4776d6d5b18/
Threat name:
ByteCode-MSIL.Trojan.Tiggre
Create hunting rule
Status:
Malicious
First seen:
2020-10-20 05:09:20 UTC
AV detection:
19 of 28 (67.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=yxhocxuvjkdu6wcmmnss3iqtwjrbcj7zkrtpcobl5tsho3lnlmma._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/c5cee15e954a874f584c63652da213b2621127f95466f1382bece4776d6d5b18

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

r00 c5cee15e954a874f584c63652da213b2621127f95466f1382bece4776d6d5b18

(this sample)

Formbook

Executable exe e50ecaa156dcdcfd9144e660470385da6d44e5b1734fd44415cea067fd8b4417

  
Dropping
MD5 c181e9eba5343cd1e28a78278d73018e
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e50ecaa156dcdcfd9144e660470385da6d44e5b1734fd44415cea067fd8b4417

Comments