MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dc3109fa33d71dd56c44883048eb4b0ecd1b0b70c3630ea8c08e6042af008ae3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 4



SHA256 hash: dc3109fa33d71dd56c44883048eb4b0ecd1b0b70c3630ea8c08e6042af008ae3
SHA3-384 hash: 6df1ab1264bc5b70501c7975431e0f2a27d44ed12013ca1b332da6574df4da8d810e8e2e291f971c6017193bd3d36e3f
SHA1 hash: 37543b4bb8364027a12cf6c3bdd57975d65deee5
MD5 hash: 93e68bc254b2e38e4f86165ccc6c3ddb
humanhash: delta-lamp-papa-oxygen
File name: PO2021.01.08.cab
Download: download sample
Signature: Formbook
File size: 629'861 bytes
First seen: 2021-01-08 08:29:36 UTC
Last seen: Never
File type: cab
MIME type: application/vnd.ms-cab-compressed
ssdeep: 12288:xBrOR4i6F+jnagpp16VVBt8S22TLofZD7qtOsap951TVhJCyCp+p9PkQd:xBrjau18S22QfZD7UOTTVhJCDp+vkY
TLSH: A3D4237196048239C42199DB4C102A74A57DDBED51FC22722C9980F81676FE1AAFAFFC
Reporter: abuse_ch
Tags: cab FormBook geo KOR


abuse_ch
Malspam distributing Formbook:

HELO: mail-smail-vm43.hanmail.net
Sending IP: 203.133.180.231
From: 모노아트 <mono7874@hanmail.net>
Subject: 우리를_인용하십시오
Attachment: PO2021.01.08.cab (contains "PO(2021.01.08).exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 152
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2021-01-08 08:30:13 UTC
AV detection: 8 of 46 (17.39%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: Formbook
cab dc3109fa33d71dd56c44883048eb4b0ecd1b0b70c3630ea8c08e6042af008ae3 (this sample)
Dropping: Formbook
Delivery method: Distributed via e-mail attachment

Comments