MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 085be6a4ad729bd4e1f09c8f08c9f7484ddf5fb099ebb27cff45b11d0ada07a7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: 085be6a4ad729bd4e1f09c8f08c9f7484ddf5fb099ebb27cff45b11d0ada07a7
SHA3-384 hash: 59bb675eec4cd297d991ec4d7ac4959e160626e7d312c7064f62a45b89f9a0da6be12801694b9f8b5c5601e86a761e76
SHA1 hash: a6ba87cc70a50aa28837f7c6d222ba0d915a135d
MD5 hash: 2fd686910e0a0454a999abc044a991da
humanhash: maine-london-september-iowa
File name: Invoice 948849.img
Signature: Formbook
File size: 1'245'184 bytes
First seen: 2020-11-07 10:17:13 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 6144:Xd5TPfm7pUxneVTCtRxIpCZ5fr2/glN+wmWis6QMnck2O0Dsm:bTPsUxnHtzDZ5y/gl+WrMckj0Am
TLSH: 9945E02079C1C072D4B3283005F4D671AF3CB9352FA1999F739C17396FB46D2AA25A6B
Reporter: abuse_ch
Tags: FormBook, img


abuse_ch
Malspam distributing Formbook:

HELO: fsn110.truehost.cloud
Sending IP: 136.243.73.170
From: Saurabh Kumar<admin@hoslinkagency.com>
Reply-To: <jennie.tonner@cremorne.com.au>
Subject: RE: 23208 // CI & PL (WF-8th Shipment)
Attachment: Invoice 948849.img (contains "Invoice.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 88
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Zmutzy
Status: Malicious
First seen: 2020-11-06 23:57:20 UTC
AV detection: 14 of 48 (29.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

img 085be6a4ad729bd4e1f09c8f08c9f7484ddf5fb099ebb27cff45b11d0ada07a7 (this sample)

Dropping: Formbook
Delivery method: Distributed via e-mail attachment
