MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fc8c27adbc0084e491c4178786cf734326b3d841d11447a759d24dcf6eca5537. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fc8c27adbc0084e491c4178786cf734326b3d841d11447a759d24dcf6eca5537
SHA3-384 hash: 04bed993c5cc5b4ad5ff37359ab84ee99ba4f6365acdf32215228ba37c15d8fdebc23fa5474c1c8d4d0c0f3c8358b940
SHA1 hash: 078891830bbfdc0c91f8c71f3c89d9f19256941f
MD5 hash: 783de28a1f6b2d4f97e9a148fd1795c2
humanhash: chicken-romeo-cold-south
File name:Bank Details.r15
Download: download sample
Signature Formbook
Create hunting rule
File size:739'651 bytes
First seen:2020-11-05 18:54:01 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:YeEyi9/4bW2uQRiGffpMpNGMz851SJGtvvKE6D06LsU6GEVdUvu4d7DPg0R4:YeEyAcW2zLfs5zM1SQvvKbXsGETUm4dY
TLSH 3CF433A355113EC151C341F892616239B833AEBFE82ECF56637A4214939D218FF72CB6
Reporter abuse_ch
Tags:FormBook r15


Avatar
abuse_ch
Malspam distributing Formbook:

From: Purchase<purchase@dryfleet.com>
Subject: Re:Purchase Order
Attachment: Bank Details.r15 (contains "Bank Details.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fc8c27adbc0084e491c4178786cf734326b3d841d11447a759d24dcf6eca5537/
Threat name:
ByteCode-MSIL.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-11-05 13:20:34 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7sgcpln4accojeoec6dynt3timtlhwcb2ekepj2z2jg463wkku3q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Formbook
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fc8c27adbc0084e491c4178786cf734326b3d841d11447a759d24dcf6eca5537

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar fc8c27adbc0084e491c4178786cf734326b3d841d11447a759d24dcf6eca5537

(this sample)

Formbook

Executable exe 70581c97768f831cf9a0e6e084f44331ffb3d17ed78136dcd6b42e0490b814bf

  
Dropping
MD5 0780d8f88e06fd086fe3e210b674da6d
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 70581c97768f831cf9a0e6e084f44331ffb3d17ed78136dcd6b42e0490b814bf

Comments