MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 01c9ef989594dd752b02d280530c117f0c744c18fe3351a9ef24e0a6b44c3191. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: 01c9ef989594dd752b02d280530c117f0c744c18fe3351a9ef24e0a6b44c3191
SHA3-384 hash: 42fd42714053fe7746a56f0538c75fd28a7c472be671499fa4f922f74027a169e9f7cba028e68d70712fa32fff85c3a3
SHA1 hash: bc88ce965ce15cafb5914b90918ab339bd96dbc3
MD5 hash: 664c9c6579b65a2c163c01689620599c
humanhash: black-florida-bluebird-stream
File name: PO0932083943974.zip
Signature: Formbook
File size: 416'967 bytes
First seen: 2020-07-21 18:46:13 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:4t/a1pBbVP+8W3ZpIjgCOVGDaO1xXLuKuI/7oguusku66oArUySXOt/5dQnDHuN0:4da1p1qPInamBKKuIETuvJ62uIff
TLSH: 7494231591D40AA9DED0DC3C21D21D418B4D76316CC205933FEDA6A92EE2F2DF8DA19B
Reporter: abuse_ch
Tags: FormBook zip


abuse_ch
Malspam distributing Formbook:

HELO: regular1.263xmail.com
Sending IP: 211.150.70.198
From: Michael <michael-cui@haixin-crafts.com>
Subject: PO0932083943974
Attachment: PO0932083943974.zip (contains "PO0932083943974.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Generic
Status: Suspicious
First seen: 2020-07-21 18:48:06 UTC
AV detection: 6 of 48 (12.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 01c9ef989594dd752b02d280530c117f0c744c18fe3351a9ef24e0a6b44c3191 (this sample)
Dropping: Formbook
Delivery method: Distributed via e-mail attachment
