MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f8d697d531e714bf3d61fabf687992cbb830300bdccf340e7848717765642972. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	f8d697d531e714bf3d61fabf687992cbb830300bdccf340e7848717765642972
SHA3-384 hash:	eb08539d07cb29b25421dbcf9fefa2456044c80fc5b90b2f51950a00614f0fffaf5344557d1ade75059cf8f09941ab76
SHA1 hash:	89878f1fb5d434bb3a5c529fc9587199fd071605
MD5 hash:	2580669ed5e7fcb31f842741a3e6bdaa
humanhash:	bakerloo-fruit-nevada-juliet
File name:	1619688292.Vfc11I22c87bM71211.dynamene_PROFORMA INVOICE-INV393456434.pdf.r00
Download:	download sample
Signature	Formbook Create hunting rule
File size:	318'492 bytes
First seen:	2021-04-30 08:49:21 UTC
Last seen:	2021-04-30 10:02:30 UTC
File type:	r00
MIME type:	application/x-rar
ssdeep	6144:Xp2dGetP5ZJSTuiZikfKGSsYUvx9sBg3jUXXyFKRnMcDIPI8KitJ9BiK6Pk:X83wiwKhRUvxGBg3YXXyFEnHDEKinpZ
TLSH	486423E8E2688CDA71AE686BA07773BA08CE35B67DE97504379A34CF07B95054473027
Reporter	GovCERT_CH
Tags:	FormBook

Intelligence

File Origin

# of uploads :

2

# of downloads :

90

Origin country :

n/a

Vendor Threat Intelligence

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/f8d697d531e714bf3d61fabf687992cbb830300bdccf340e7848717765642972/

Threat name:

Win32.Trojan.Predator

Status:

Malicious

First seen:

2021-04-29 16:50:03 UTC

AV detection:

16 of 29 (55.17%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=7dljpvjr44kl6plb7k7wq6mszo4damal3thtidtyjbyxozleffza._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.47

Link:

https://yomi.yoroi.company/submissions/f8d697d531e714bf3d61fabf687992cbb830300bdccf340e7848717765642972

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

r00 f8d697d531e714bf3d61fabf687992cbb830300bdccf340e7848717765642972

(this sample)

exe 35f2a840353834118e60c526f77c2a95b276cc9e7531c96260b46aa0b6a515ed

Delivery method

Distributed via e-mail attachment

Dropping

SHA256 35f2a840353834118e60c526f77c2a95b276cc9e7531c96260b46aa0b6a515ed

Dropping

MD5 57bc82a2c9998c9c89140b09631251c8

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample