MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3cf7a8a268cb2d9d316c8566ca50a6e1a1e8c01951eb654c1535d9f1380f3fe5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3cf7a8a268cb2d9d316c8566ca50a6e1a1e8c01951eb654c1535d9f1380f3fe5
SHA3-384 hash: 06256acf50364a804c9df1f5b41cfd8f4aa6ed039fccc5d04e79deb129b6a01abaa0f54f433db38ba04f2e667809132e
SHA1 hash: 8db23320d6890cc2387588aedcbb82f38a3b488a
MD5 hash: 1edaca4ba19ce51252590ff8ff01117c
humanhash: spring-india-alaska-uncle
File name:Toyo Engineering Corporation.zip
Download: download sample
Signature FormBook
Create hunting rule
File size:345'522 bytes
First seen:2020-07-21 06:27:41 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:DX+4JoM3ldkL7+mg/nTReFoITaumI9fS9kU9NuoIyAc071OvcCUfz7SzRhd09gHd:q4d3bEg/TReGO6VNucAc071Ovi+nh/
TLSH 8F74232336D903FACE189C36EE9A24C37E19A3842D8924B60FE5DF3B1564F9D7C20555
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: server.megatroncorp.community
Sending IP: 162.241.205.158
From: Nurul Najwa <server@huttprimax.partners>
Reply-To: info-toyo@engineer.com
Subject: Toyo Engineering Corporation // Request For Inquiry // 21.7.2020
Attachment: Toyo Engineering Corporation.zip (contains "Toyo Engineering Corporation.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3cf7a8a268cb2d9d316c8566ca50a6e1a1e8c01951eb654c1535d9f1380f3fe5/
Threat name:
ByteCode-MSIL.Trojan.FormBook
Create hunting rule
Status:
Malicious
First seen:
2020-07-21 06:29:09 UTC
AV detection:
28 of 48 (58.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ht32ritizmwz2mlmqvtmuufg4gq6rqazkhvwktavgxm7coaph7sq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3cf7a8a268cb2d9d316c8566ca50a6e1a1e8c01951eb654c1535d9f1380f3fe5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 3cf7a8a268cb2d9d316c8566ca50a6e1a1e8c01951eb654c1535d9f1380f3fe5

(this sample)

FormBook

Executable exe 2059f1585290ca102aa23d8d92f479a4c0940f1a8957b5226e4c36b9b115c7c5

  
Dropping
MD5 ade13e63e8767b76cb036972c773a1af
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2059f1585290ca102aa23d8d92f479a4c0940f1a8957b5226e4c36b9b115c7c5

Comments