MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 288af22386d598b4f132cdd48af047726697d5be16b5e7757eab935e54605c44. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: 288af22386d598b4f132cdd48af047726697d5be16b5e7757eab935e54605c44
SHA3-384 hash: d8b6061b67016bd97316cfa2f92ad151373a6d0152fa3a6f5b9223652c683cf75b9efe23e84a57dce0602fc12c1496dc
SHA1 hash: ed8993990e707bd5f7e48b7dc676c82c0cbe85ca
MD5 hash: 1a0492c001243799355edeeee6763f1f
humanhash: aspen-muppet-papa-don
File name: PO894749745.zip
Signature: Formbook
File size: 518'317 bytes
First seen: 2020-07-08 05:46:52 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:r5VvfQZ9MyY2Ym4caejYWFkUXPDejOdSyTWQueasyV4ZY7KPycC/T73nShyY4Abj:1VH541aUXPajKSdQuoZY7Kq7FRvKjSi
TLSH: 24B42328711A901A168178EB77437CC574900E93CF75022A31CAB2E6E5E879FDD893EF
Reporter: abuse_ch
Tags: FormBook zip


abuse_ch
Malspam distributing Formbook:

HELO: regular1.263xmail.com
Sending IP: 211.150.70.197
From: 陈燕敏 <merry_chen@toostyle-china.com>
Subject: PO894749745
Attachment: PO894749745.zip (contains "PO894749745.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 78
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Backdoor.Negasteal
Status: Malicious
First seen: 2020-07-08 05:48:06 UTC
AV detection: 33 of 48 (68.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Formbook
zip 288af22386d598b4f132cdd48af047726697d5be16b5e7757eab935e54605c44 (this sample)

Dropping: Formbook
Delivery method: Distributed via e-mail attachment
