MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f73c800b56405657aec0fad7586a8633fd4cf56797f38b5227271cd75b29b803. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 4



SHA256 hash: f73c800b56405657aec0fad7586a8633fd4cf56797f38b5227271cd75b29b803
SHA3-384 hash: ae900cbe244b1181e4bc6c5779f8e43ab66d5a29730ffed113f3b490c5063c9d808a907738a215caf4edf324c59bee8a
SHA1 hash: c95653f6967e439a17fa48cb377400de49f400d0
MD5 hash: 5f2ae3b66817f0484f37c5874e758ab8
humanhash: grey-shade-north-alanine
File name: 00882320002344-SwiftAdvice_pdf.xz
Signature: Formbook
File size: 181'312 bytes
First seen: 2021-01-19 13:03:44 UTC
Last seen: Never
File type: xz
MIME type: application/x-rar
ssdeep: 3072:kj1SJdxgllgF1uhQzp8sW1isgIw2DSan3n5a0sIt72XrT/W3DzMLV3k:kj1SJofgFO6pyisrJSa3PUf/W3D4q
TLSH: A10412ADF8005CDAC4713DDBE16D3FA82DE5B4C4A0A4526D367B8295CA08907AFCF58D
Reporter: abuse_ch
Tags: FormBook xz


abuse_ch
Malspam distributing unidentified malware:

HELO: 45-135-135-84.cprapid.com
Sending IP: 45.135.135.84
From: tradequalityunit@hdfcbank.com
Subject: Transaction advices for your company . 19-Jan-2021 2021011811559
Attachment: 00882320002344-SwiftAdvice_pdf.xz (contains "00882320002344-SwiftAdvice_pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 159
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Pwsx
Status: Malicious
First seen: 2021-01-19 13:04:15 UTC
AV detection: 12 of 46 (26.09%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

xz f73c800b56405657aec0fad7586a8633fd4cf56797f38b5227271cd75b29b803 (this sample)

  
Delivery method: Distributed via e-mail attachment
