MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d03f3b404e36c5f14198166d3e55e3d45885f9c289181c0074be319bc5cbb443. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 2



SHA256 hash: d03f3b404e36c5f14198166d3e55e3d45885f9c289181c0074be319bc5cbb443
SHA3-384 hash: 96ac622410ba28247876d353db6e861a70f8592d75faaf6eb3334a7d55b1f758051684e56bff6ab842c8740c29277946
SHA1 hash: 32f5e6b838166a8f444d5672c46e656569808e40
MD5 hash: 083e2054033818ff94c2c17bb089610f
humanhash: table-zebra-johnny-network
File name: PO_768960.rar
Signature: FormBook
File size: 563'934 bytes
First seen: 2020-08-30 15:39:27 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:/M9ZuZrRCZEvzfAeDbK+wGjygV7FthMRFZA3bL4pP4Y0x:/M9ZuZrRCZEvTAEbK+BeEF/MNA3PaP3i
TLSH: BEC42388CD5A57681CF08B13E6D177C81B85A3F9281748AB72606F3B7B6787A15FF084
Reporter: abuse_ch
Tags: FormBook, rar


abuse_ch
Malspam distributing FormBook:

HELO: smtpcmd11127.aruba.it
Sending IP: 62.149.156.127
From: Daniele helgi<daniele@e3cube.it>
Subject: RE: Re: Re: PO_768960
Attachment: PO_768960.rar (contains "PO_768960.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 144
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar d03f3b404e36c5f14198166d3e55e3d45885f9c289181c0074be319bc5cbb443 (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
