MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 14812faa80c3689936223dee7b5d2700f8abdfa4a95da5c63b036cb08540197d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 4



SHA256 hash: 14812faa80c3689936223dee7b5d2700f8abdfa4a95da5c63b036cb08540197d
SHA3-384 hash: 3dac20916566fe2a32b29472f1776abab40b0edd5db1c5b91ddbb136d5cb0c36a8edf5768450aa8f9560a4adc2b20f3c
SHA1 hash: 60f0589a6eb8b45a705be66d12dcd8e3bf8f35a8
MD5 hash: 5d18bea088b7fb330f0f9dea0b411c7a
humanhash: ohio-single-salami-finch
File name: Reconfirm seed quotation_ RUQ CONT NOB13452.zip
Signature: FormBook
File size: 434'708 bytes
First seen: 2021-02-25 14:13:53 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:k8ZVfMbFKnK1x/PCTRCaYgHBo3ojtq5zRDdX5RLFZDeGJjW6MJCDs:vjEbYgORPro3otq5zzzhZ5j2Jes
TLSH: A49423B3C7807EC085DE09FFA10C33DBC91340154699A56B55A5FEAD2432BAC6DE1E8E
Reporter: abuse_ch
Tags: FormBook, zip


abuse_ch
Malspam distributing FormBook:

HELO: [185.239.242.237]
Sending IP: 185.239.242.237
From: Nguyen Hien<info@alkawtharnational.com>
Subject: RECONFIRMATION OF Reap seed quotation RUQ CONT NO: DFB135840
Attachment: Reconfirm seed quotation_ RUQ CONT NOB13452.zip (contains "Reconfirm seed quotation_ RUQ CONT NOB13452.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 162
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: ByteCode-MSIL.Spyware.Noon
Status: Malicious
First seen: 2021-02-25 14:14:08 UTC
AV detection: 10 of 47 (21.28%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
FormBook
zip 14812faa80c3689936223dee7b5d2700f8abdfa4a95da5c63b036cb08540197d (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
