MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f87404484689cddaf45ab713dc9e291ad88559ee745efa71433be253183a06c7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 4



SHA256 hash: f87404484689cddaf45ab713dc9e291ad88559ee745efa71433be253183a06c7
SHA3-384 hash: 21e516c101286b9b00134d8f58bfaafa03274f84389c0488b8339aa4ba26fe6cbac7cda1a916ff9bee1f357ecc4a6277
SHA1 hash: 21fd628cdbdf7c42fdb414f065e8bfa0b51e07a0
MD5 hash: 871079bc556855f94f7182d5a967b4ca
humanhash: blue-lithium-football-colorado
File name: H4A2-423-EM154-302,Pdf.img
Signature: Formbook
File size: 1'507'328 bytes
First seen: 2020-11-07 09:56:47 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 24576:LPOSyVFfCCBy77TdpTtmWBrvhQuMUwMpA:LPQPqWamONfp
TLSH: F0658D22E1A15833D4332A388C2B5BA76B25BD502DBCDD46EBFD7D0C6F756823825187
Reporter: abuse_ch
Tags: FormBook img


abuse_ch
Malspam distributing Formbook:

HELO: vm1532797.3ssd.had.wf
Sending IP: 45.14.12.161
From: 권성록 <Kwon2002@naver.com>
Reply-To: citrroen.gouws@gmail.com
Subject: 견적문의 드립니다.(권성록 입니다.)
Attachment: H4A2-423-EM154-302,Pdf.img (contains "H4A2-423-EM154-302.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 76
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Win32.Worm.SpyBot
Status: Malicious
First seen: 2020-11-06 15:09:43 UTC
AV detection: 16 of 29 (55.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

img f87404484689cddaf45ab713dc9e291ad88559ee745efa71433be253183a06c7

(this sample)

  
Dropping: Formbook
Delivery method: Distributed via e-mail attachment
