MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 183de1c93b294381f628fd9141d692cdf8185b5b7ede070e90b14abe3b022d6e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 183de1c93b294381f628fd9141d692cdf8185b5b7ede070e90b14abe3b022d6e
SHA3-384 hash: 5be3e49b18e044281a0fb45b6e7c2eb4a95134c0dd746df1bcadfa79db00b99ee5d3a5cad931d6b6826ccdfb93e86e42
SHA1 hash: cbf2c6f4141918af1a8bb494bb32ed3d295dd114
MD5 hash: bd4f27f92cc5372d5720df04f4d674f9
humanhash: texas-lion-floor-pip
File name:00100019.zip
Download: download sample
Signature Formbook
Create hunting rule
File size:413'827 bytes
First seen:2020-10-19 09:37:39 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:ELZh22P9wzv3qXoI7XGrJI1IUwPIGnLIh8UmOfZT9eceSMM+aU5GGIPAaDrkL64X:mD9wz272G1IHIiLhMzfHrkMf3mwH6
TLSH 949423D9554A87C5C40DCED69D60A4330287C87668325B3FB313B3882F8B627B475AEB
Reporter cocaman
Tags:FormBook zip


Avatar
cocaman
Malicious email (T1566.001)
From: ""JAYA SDN BHD" <no-reply@chezserver.gq>"
Received: "from chezserver.gq (mta0.chezserver.gq [104.168.219.143]) "
Date: "Mon, 19 Oct 2020 01:40:58 -0700"
Subject: "BANK IN COPY"
Attachment: "00100019.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/183de1c93b294381f628fd9141d692cdf8185b5b7ede070e90b14abe3b022d6e/
Threat name:
Binary.Malware.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-10-19 09:39:05 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
4 of 48 (8.33%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=da66dsj3ffbyd5ri7wiudvuszx4bqw23p3paoduqwffl4oycfvxa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/183de1c93b294381f628fd9141d692cdf8185b5b7ede070e90b14abe3b022d6e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 183de1c93b294381f628fd9141d692cdf8185b5b7ede070e90b14abe3b022d6e

(this sample)

Formbook

Executable exe 273e14710bfe15975737d9e213b6007a29cc795c993b6b121c745581ec1c4b96

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 273e14710bfe15975737d9e213b6007a29cc795c993b6b121c745581ec1c4b96

Comments