MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cf90f085bd311ac6a6ccca5851aecbb2287ac3eb13f9f800c131c2168f15d87b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: cf90f085bd311ac6a6ccca5851aecbb2287ac3eb13f9f800c131c2168f15d87b
SHA1 hash: 080dac9d21af313c016840e621edd6e5d22e5cb5
MD5 hash: bdacad49cbd631100f5700bd2dfa3fd6
File name: 1GHBSI.rar
Signature: Formbook
File size: 298'053 bytes
First seen: 2020-05-23 11:10:41 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:XXSZb0vNVE+hWiy/amaNWXN5RPH0XXOYuXZDZEZIH5qgdqAeJy+oXS6FJoRcHyKQ:HibcNVvhxfNWX1PH0xuXZdEZIHcgdq46
TLSH: FF5423C484CA815C1687A850DB9BC48169BBB4560D90FECED663B344BCE25EEBFC1B1D
Reporter: @abuse_ch
Tags: FormBook rar Yahoo


Twitter
@abuse_ch
Malspam distributing Formbook:

HELO: sonic303-3.consmr.mail.bf2.yahoo.com
Sending IP: 74.6.131.42
From: sales Rine <s.rine85@yahoo.com>
Subject: : Fwd: Wire Transfer Payment
Attachment: 1GHBSI.rar (contains "1GHBSI.exe")

Intelligence


Mail intelligence
Trap location: Global
Impact: Low

# of uploads: 1
# of downloads: 23
Origin country: FR
ClamAV: No detection
VirusTotal results: 32.26%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam / Formbook / rar cf90f085bd311ac6a6ccca5851aecbb2287ac3eb13f9f800c131c2168f15d87b (this sample)

Dropping: Formbook
Delivery method: Distributed via e-mail attachment
