MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d890158cdb88b5865b53b892c418d8e6743dfcc0bdf9df68ebc64078e62daa8e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: d890158cdb88b5865b53b892c418d8e6743dfcc0bdf9df68ebc64078e62daa8e
SHA3-384 hash: 06382982f3888d41dd5cc72829c4bb87a1e232f2d775856e9f4452596e28c07feb6a0bbb893a001ade02916d64e78863
SHA1 hash: 22ad48e0636e3f41e9f83cd10d2bba4ca07dbe29
MD5 hash: 0f90db99c423ce9a8f2aa9b98c4ed9a2
humanhash: pluto-saturn-massachusetts-wyoming
File name: RFQ_005324BITRO_SCAN.rar
Signature: Formbook
File size: 495'799 bytes
First seen: 2021-04-01 18:37:44 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:xcLzudXWm6lDQmR7lbIWGXkFdhf7zuHRTso8gmzrMkQ:WLFD1bbAkGn8/zjQ
TLSH: A0B4233F14142F9DDF289C4396681A69FFC5E512588B4D1340A6FCBB69EA3904C7AEC8
Reporter: abuse_ch
Tags: rar


abuse_ch
Malspam distributing unidentified malware:

HELO: mail.ntpm.com.tw
Sending IP: 118.163.98.197
From: David Newell <d.newell@matcon.com>
Subject: MATCON PO-4131000/03/21
Attachment: RFQ_005324BITRO_SCAN.rar (contains "RFQ_005324BITRO_SCAN.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 181
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.GenericML
Status: Malicious
First seen: 2021-04-01 18:38:10 UTC
AV detection: 5 of 44 (11.36%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar d890158cdb88b5865b53b892c418d8e6743dfcc0bdf9df68ebc64078e62daa8e

(this sample)

  
Delivery method: Distributed via e-mail attachment
