MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 becf828f0be0905b44a5307906dad60220f1e28b3b8b1edeb63c7a4e790f7648. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: becf828f0be0905b44a5307906dad60220f1e28b3b8b1edeb63c7a4e790f7648
SHA3-384 hash: 472e2af30ce49d13c72808e3b778dbf9ac926877eb2642ef21a54d5223a2c6fcd044a0b7dcf8df2cb712dac7edf24cf3
SHA1 hash: cab248b7b42ec9aa06596c4638d7b2b98bf9c92c
MD5 hash: 947f565a146e972d15fa7cfe4b5364e5
humanhash: helium-nuts-six-winner
File name:Invoice.tar
Download: download sample
Signature Formbook
Create hunting rule
File size:646'656 bytes
First seen:2020-04-28 17:19:46 UTC
Last seen:2020-04-29 18:30:40 UTC
File type: tar
MIME type:application/x-tar
ssdeep 12288:ewJGJ8Knh7XU4Y8gxwEpJ/7VPpM5d99kqtQ5frLdVBJMt+hcuIZOJ8:ewJGqWhXi8gxwEpJ/7VEUfrLdVBJMghU
TLSH EFD40146922EB25DD56A8B3738F6302060754C31988242370E9A79C35F73ED3D9E5EBE
Reporter cocaman
Tags:tar


Avatar
cocaman
Malicious email
From: "jean kepp"<info@ergocnc.gr>
Received: from server.allxo.com (server.allxo.com [50.116.103.43])
Date: Tue, 28 Apr 2020 10:12:19 -0700
Subject: AW:AW: INVOICE + PACKING LIST
Attachment: Invoice.tar

Intelligence

File Origin
# of uploads :
2
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Artemis.1304.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-04-28 11:27:54 UTC
File Type:
Binary (Archive)
Extracted files:
22
AV detection:
20 of 31 (64.52%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

tar becf828f0be0905b44a5307906dad60220f1e28b3b8b1edeb63c7a4e790f7648

(this sample)

Formbook

Executable exe a26f2c3365de0a5e3a9868ba0de16f81807076b54abc15625fdda5d730dd809c

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a26f2c3365de0a5e3a9868ba0de16f81807076b54abc15625fdda5d730dd809c

Comments