MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 07833768d5824f972b7996106ef3cf661784656b80626d1475fad7c8bfd69c4d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 07833768d5824f972b7996106ef3cf661784656b80626d1475fad7c8bfd69c4d
SHA3-384 hash: fee9d9700901a4b883e7bda6a3c8302a16eaccdfd7f34031e7833b1ede4e90af826056ae0fdb2b8a98c67b45d5ea1a15
SHA1 hash: cde168f1b190f7a55108142c008b8ee22dd36b97
MD5 hash: b5824f667d6b23458ea13b83e0684ccb
humanhash: glucose-timing-apart-cola
File name:DHL AWB 425792974288 DOCUMENT.rar
Download: download sample
Signature Formbook
Create hunting rule
File size:587'015 bytes
First seen:2022-08-18 10:26:43 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:A3DatMfqYFszngqGsOWiACGTYkvUd79MDBaDgnd52QQZ:KynYF0njGTZWv2uDBpnd52Qy
TLSH T190C43332445A4DC78F36CECA77166C1AE711470D0EF66AAC10B1FCA68FE5C5AE232974
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter cocaman
Tags:DHL FormBook rar


Avatar
cocaman
Malicious email (T1566.001)
From: ""=?utf-8?B?REhM?=" <quote@leogroup.cn>" (likely spoofed)
Received: "from bg5.exmail.qq.com (bg4.exmail.qq.com [43.154.221.58]) "
Date: "Thu, 18 Aug 2022 03:10:22 -0700"
Subject: "Fw: DHL AWB 425792974288 DOCUMENT"
Attachment: "DHL AWB 425792974288 DOCUMENT.rar"

Intelligence

File Origin
# of uploads :
1
# of downloads :
300
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/07833768d5824f972b7996106ef3cf661784656b80626d1475fad7c8bfd69c4d/
Threat name:
ByteCode-MSIL.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2022-08-18 10:27:08 UTC
File Type:
Binary (Archive)
Extracted files:
20
AV detection:
9 of 39 (23.08%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=a6bto2gvqjhzok3zsyig546pmylyizllqbrg2fdv7ll4rp6wtrgq._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/220818-mg3xdsdahq/
Behaviour
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Checks computer location settings
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.54
Link:
https://yomi.yoroi.company/submissions/07833768d5824f972b7996106ef3cf661784656b80626d1475fad7c8bfd69c4d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar 07833768d5824f972b7996106ef3cf661784656b80626d1475fad7c8bfd69c4d

(this sample)

Formbook

Executable exe 2f19a9809177b960f5d9879c23206512a50c50a6835371bff85f4c02c34b90eb

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2f19a9809177b960f5d9879c23206512a50c50a6835371bff85f4c02c34b90eb
  
Dropping
MD5 7feedf1704436d223d643383488209f7

Comments