MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1143cfbb509c601ee50b6be91a17576f8f500efe37ce10e35d7101ab54044a9d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1143cfbb509c601ee50b6be91a17576f8f500efe37ce10e35d7101ab54044a9d
SHA3-384 hash: f7ca2e70f32532632933b19b75df6cfc605ac931e34f908fd7e7d4a5fbfcfa37848f4f778813da26f9b057d68cbaa01d
SHA1 hash: 775da5c10b744286de4e2def9d76096ba2460bc5
MD5 hash: 0d40d197829a01905bbb2146249ea312
humanhash: mountain-happy-charlie-alabama
File name:Purchase Order.gz
Download: download sample
Signature Formbook
Create hunting rule
File size:215'318 bytes
First seen:2021-04-09 05:37:29 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 6144:qj1fHDWY7Kx2WnflpcxT9i/CCLsK0YxSxzwwOCsBks:jY7KfdKxRNCHxSxzwwO31
TLSH 2E242304859382C7018F78E15095BD97E66AE31524B8CFFB87384AF71E1A3245BB1EE7
Reporter cocaman
Tags:FormBook gz


Avatar
cocaman
Malicious email (T1566.001)
From: "Roy Asghar <saslam@pseb.org.pk>" (likely spoofed)
Received: "from pseb.org.pk (unknown [45.137.22.138]) "
Date: "8 Apr 2021 19:21:21 -0700"
Subject: "=?UTF-8?B?UmU6IOWbnuWkje+8mlB1cmNoYXNlIE9yZGVy?="
Attachment: "Purchase Order.gz"

Intelligence

File Origin
# of uploads :
1
# of downloads :
139
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1143cfbb509c601ee50b6be91a17576f8f500efe37ce10e35d7101ab54044a9d/
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=cfb47o2qtrqb5zilnpuruf2xn6hvadx6g7hbby25oea2wvaejkoq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.57
Link:
https://yomi.yoroi.company/submissions/1143cfbb509c601ee50b6be91a17576f8f500efe37ce10e35d7101ab54044a9d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

gz 1143cfbb509c601ee50b6be91a17576f8f500efe37ce10e35d7101ab54044a9d

(this sample)

Formbook

Executable exe e5561555b0be45246e4ce5418a203d5a0d800595de770d772d0d86d0ed2662bb

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e5561555b0be45246e4ce5418a203d5a0d800595de770d772d0d86d0ed2662bb
  
Dropping
Formbook

Comments