MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e6cb5e4350b57ae4f416f0b76ea74c82d72b50abff1a249329d625c4667fe886. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e6cb5e4350b57ae4f416f0b76ea74c82d72b50abff1a249329d625c4667fe886
SHA3-384 hash: 21ad7b5269f2446a9edb51e6189ca4772ec0a9ecaa21c0057dd5a307d7abb9bf3392a7dfa08b59436bf4be2b4b9ee38d
SHA1 hash: 1dda79be243a00f9d94458cc2403f323d3b36799
MD5 hash: 2f689e4b3e57b36763c6cc95f12809e1
humanhash: football-ohio-golf-jersey
File name:MV TAN BINH 79 _INQUIRY- Port info_pdf.rar
Download: download sample
Signature FormBook
Create hunting rule
File size:417'921 bytes
First seen:2020-08-17 06:10:04 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:g8s+ibX+cvi+8rpTDgkz+ltMTO6vETFF3irOagJkw:g8s+i3vi++pTAltV6v4cngqw
TLSH DA9423B3DB684016F15EA8F06F10C9C78E7FB2E51069A0EA54B5817148B5EB4D78EAF0
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: 23-111-156-118.static.hvvc.us
Sending IP: 23.111.156.118
From: Raihana Aman (Ms) <raihana.aman@epshipping.com.sg>
Reply-To: raihana.aman@epshipping.com.sg
Subject: MV TAN BINH 79 / INQUIRY OF PORT INFORMATION AND PDA FOR DISCHARGING LIMESTONE IN BULK ABT 45,000 MT AT BAHODOPI, INDONESIA
Attachment: MV TAN BINH 79 _INQUIRY- Port info_pdf.rar (contains "MV TAN BINH 79 _INQUIRY- Port info_pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27382.Rar5Heur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e6cb5e4350b57ae4f416f0b76ea74c82d72b50abff1a249329d625c4667fe886/
Threat name:
Win32.Trojan.LokiBot
Create hunting rule
Status:
Malicious
First seen:
2020-08-17 06:11:11 UTC
AV detection:
15 of 48 (31.25%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=43fv4q2qwv5oj5aw6c3w5j2mqllswufl74ncjezj2ys4izt75cda._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/e6cb5e4350b57ae4f416f0b76ea74c82d72b50abff1a249329d625c4667fe886

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar e6cb5e4350b57ae4f416f0b76ea74c82d72b50abff1a249329d625c4667fe886

(this sample)

FormBook

Executable exe a2a9054cc0ce0c7c53a7fbf11b1ea81e80a3e4d6ccff09e731281807c17791fc

  
Dropping
MD5 b12004c2dc3d42ad80bbff8635aa58a4
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a2a9054cc0ce0c7c53a7fbf11b1ea81e80a3e4d6ccff09e731281807c17791fc

Comments