MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f62cddb23ef8b2679a8cf132c50411d44b60714e3e21a63b00e0f7e7d3044105. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f62cddb23ef8b2679a8cf132c50411d44b60714e3e21a63b00e0f7e7d3044105
SHA3-384 hash: 18fa51f14325bf56fadd35d13414bc68471431e256f21ac085f43b391d98b7c8602803ae87a3a42926a9b5ba49efe15a
SHA1 hash: 433e68c3fa4b588f197045c4d4a1e63379a7a52a
MD5 hash: 839c3c742d25c7109119c5e0f545a465
humanhash: oranges-speaker-music-india
File name:HBNEGO76.rar
Download: download sample
Signature FormBook
Create hunting rule
File size:452'243 bytes
First seen:2020-10-28 07:52:44 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:d7bDn9vm8TYXctaYClWi8n2HiSmD/gySUvg4u3W:dnDU2acBic0P63
TLSH 0BA423F1830853868F39895C5F11ADA28561C1ED2497FAF6A74DCF0C02E99BDDEE6A40
Reporter abuse_ch
Tags:FormBook rar Yahoo


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: sonic313-10.consmr.mail.ne1.yahoo.com
Sending IP: 66.163.185.33
From: HASSAN EJIWUNMI <haejiwunmi@yahoo.com>
Subject: FW: Payment Transfer
Attachment: HBNEGO76.rar (contains "rWYwknnWR9dImEO.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
105
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f62cddb23ef8b2679a8cf132c50411d44b60714e3e21a63b00e0f7e7d3044105/
Threat name:
ByteCode-MSIL.Infostealer.Stelega
Create hunting rule
Status:
Malicious
First seen:
2020-10-28 05:11:31 UTC
AV detection:
8 of 48 (16.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=6ywn3mr67czgpgum6ezmkbar2rfwa4kohyq2moya4d36puyeiecq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/f62cddb23ef8b2679a8cf132c50411d44b60714e3e21a63b00e0f7e7d3044105

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar f62cddb23ef8b2679a8cf132c50411d44b60714e3e21a63b00e0f7e7d3044105

(this sample)

FormBook

Executable exe 18c2c7353431fb6ef10a1a3a8abd5219e4cc4f669c56bf4f68bc6d5e2246a806

  
Dropping
MD5 55945ecdc4f9f09e7392e686764d9355
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 18c2c7353431fb6ef10a1a3a8abd5219e4cc4f669c56bf4f68bc6d5e2246a806

Comments