MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f62cddb23ef8b2679a8cf132c50411d44b60714e3e21a63b00e0f7e7d3044105. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: f62cddb23ef8b2679a8cf132c50411d44b60714e3e21a63b00e0f7e7d3044105
SHA3-384 hash: 18fa51f14325bf56fadd35d13414bc68471431e256f21ac085f43b391d98b7c8602803ae87a3a42926a9b5ba49efe15a
SHA1 hash: 433e68c3fa4b588f197045c4d4a1e63379a7a52a
MD5 hash: 839c3c742d25c7109119c5e0f545a465
humanhash: oranges-speaker-music-india
File name: HBNEGO76.rar
Signature: FormBook
File size: 452'243 bytes
First seen: 2020-10-28 07:52:44 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:d7bDn9vm8TYXctaYClWi8n2HiSmD/gySUvg4u3W:dnDU2acBic0P63
TLSH: 0BA423F1830853868F39895C5F11ADA28561C1ED2497FAF6A74DCF0C02E99BDDEE6A40
Reporter: abuse_ch
Tags: FormBook rar Yahoo


abuse_ch
Malspam distributing FormBook:

HELO: sonic313-10.consmr.mail.ne1.yahoo.com
Sending IP: 66.163.185.33
From: HASSAN EJIWUNMI <haejiwunmi@yahoo.com>
Subject: FW: Payment Transfer
Attachment: HBNEGO76.rar (contains "rWYwknnWR9dImEO.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 105
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Stelega
Status: Malicious
First seen: 2020-10-28 05:11:31 UTC
AV detection: 8 of 48 (16.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar f62cddb23ef8b2679a8cf132c50411d44b60714e3e21a63b00e0f7e7d3044105 (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment

Comments