MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d32664aac63daed7ac81d5d763a8389ed04726f7d9781b1f112056a20d2e7942. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: d32664aac63daed7ac81d5d763a8389ed04726f7d9781b1f112056a20d2e7942
SHA3-384 hash: b3d2701273f75279c808a1e21c03569367b0a864ccae9081cc4ef967e2b12151b306276ca0e67a0e90f6f7b2aff82273
SHA1 hash: 0cf54fd68ddca68b3bfcac52eadb1f540d0fdf6a
MD5 hash: 9f34b804128d4ac03bbb6abab79f5ed6
humanhash: river-fanta-twenty-texas
File name: W08347.rar
Signature: Formbook
File size: 568'642 bytes
First seen: 2021-01-06 07:55:06 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:59J0s6PMIKBwAaXSlUP8O3iAE7W4u2MiukqGSTmYwuOHqRo15c7:VCAaXSlUPxiAE7W4uVi6TxbNs5g
TLSH: AEC423812D35B86B8FF8D556ECD6D9DD3D2840B4527F5C622B30286CE206A29F3328D9
Reporter: abuse_ch
Tags: FormBook rar


abuse_ch
Malspam distributing Formbook:

HELO: coimtra.cam
Sending IP: 111.90.159.197
From: Nguyen Anh <Nguyen@coimtra.cam>
Subject: R: I: R: R: R: R: R: ORDER W08347
Attachment: W08347.rar (contains "W08347.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 150
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Pwsx
Status: Malicious
First seen: 2021-01-06 07:56:05 UTC
AV detection: 3 of 46 (6.52%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar d32664aac63daed7ac81d5d763a8389ed04726f7d9781b1f112056a20d2e7942

(this sample)

  
Dropping: Formbook
Delivery method: Distributed via e-mail attachment

Comments