MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bfcaedd79e990385731eb5f9002f6fc719ec6f2e51749765f4f2593ebcab9aef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: bfcaedd79e990385731eb5f9002f6fc719ec6f2e51749765f4f2593ebcab9aef
SHA3-384 hash: bd771111c5c5acce4acb189d6dd483891aa33d0039b78ae2a0ac9554787bff7747c3fbac0c4a6250d276bcfa905170a0
SHA1 hash: a4340aa6060fa91c4310d930c033fd22ab1b8b9c
MD5 hash: 4983a26814862a94b7671274c33df5b6
humanhash: solar-oranges-india-alaska
File name: Payment Slip...Copy.zip
Signature: FormBook
File size: 275'695 bytes
First seen: 2020-07-01 05:32:18 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:AyITk29OTs6BFYIqyoc073OT32bKD7zddGTaVeFFGQ7IHSnF5Tp2LFjQ29c:aw26zYIPoc07aQK7ddGT0gF18m5TIlxu
TLSH: 6D442351396DEFAEC8AC091BD9F558E09BB14BF6A30F4311A0688F5ED344E9079EF061
Reporter: abuse_ch
Tags: FormBook, zip


abuse_ch
Malspam distributing FormBook:

HELO: yup.yupangco.com
Sending IP: 198.57.182.194
From: Low Wong <low.wong@tuplex.com>
Subject: PAYMENT SLIP
Attachment: Payment Slip...Copy.zip (contains "#PO##5678543278...COPY.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 71
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Backdoor.NanoCore
Status: Malicious
First seen: 2020-07-01 05:34:05 UTC
AV detection: 28 of 48 (58.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip bfcaedd79e990385731eb5f9002f6fc719ec6f2e51749765f4f2593ebcab9aef (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
