MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b7a5278c1824f2acfa9266a4fb5db86a91a32b101433f8435a4596da5a497d0b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b7a5278c1824f2acfa9266a4fb5db86a91a32b101433f8435a4596da5a497d0b
SHA3-384 hash: 74a41798a30723cce1b967b827566a3957afd4baf41e7043853e999503a0fe22bd71d1d663f9eabe145dd7e690eee651
SHA1 hash: b0c5a073108984efc5cd44258720e2f0184d27f6
MD5 hash: fe1178f2b00d1d0288e55089017f3620
humanhash: tennessee-thirteen-muppet-early
File name:NEW PRODUCT RFQ SPECIFICATION.Z
Download: download sample
Signature Formbook
Create hunting rule
File size:261'128 bytes
First seen:2020-08-18 09:21:46 UTC
Last seen:2020-08-19 00:13:27 UTC
File type: z
MIME type:application/x-rar
ssdeep 6144:V7fxdLocN6Sl/l6rSfms4uV8jU19AqwxdhRwfVLN1s:F5GBSlkrSfmxuygsxch1s
TLSH 754423A12A0A7EC5E9CDBC501433F5FE633D9D1204DA7D83BB0DC74DAE069698D88A17
Reporter cocaman
Tags:FormBook z


Avatar
cocaman
Malicious email
From: Purchase5<sales05@raykevent.com>
Received: from raykevent.com (unknown [212.83.46.93])
Date: 18 Aug 2020 13:43:29 -0700
Subject: NEW ORDER INQUIRY
Attachment: NEW PRODUCT RFQ SPECIFICATION.Z

Intelligence

File Origin
# of uploads :
4
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b7a5278c1824f2acfa9266a4fb5db86a91a32b101433f8435a4596da5a497d0b/
Threat name:
ByteCode-MSIL.Trojan.Ymacco
Create hunting rule
Status:
Malicious
First seen:
2020-08-18 09:23:05 UTC
File Type:
Binary (Archive)
Extracted files:
6
AV detection:
15 of 28 (53.57%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=w6sspdayetzkz6usm2spwxnynki2gkyqcqz7qq22iwlnuwsjpufq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

z b7a5278c1824f2acfa9266a4fb5db86a91a32b101433f8435a4596da5a497d0b

(this sample)

Formbook

Executable exe c62ef08103c30d5d2d18fbc2eff820985af40aa377828ef72c3ecad495103511

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c62ef08103c30d5d2d18fbc2eff820985af40aa377828ef72c3ecad495103511
  
Dropping
Formbook

Comments