MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1b56dc4089c0421e6664f6c12c30d9181875c295420541e49ad815d2f05f48ce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 4



SHA256 hash: 1b56dc4089c0421e6664f6c12c30d9181875c295420541e49ad815d2f05f48ce
SHA3-384 hash: 48ba347c0ef49363c620a40ce287084d55acbe4ca4b3fc5ef6b5986accac857b5a92370b1b7ec0cbcee9df0f9222f960
SHA1 hash: fd0fa017a06461b8a7aa3546cd43f12f354838e0
MD5 hash: 5aaf57c6b1f4621fbb4427f72913ec2a
humanhash: shade-uranus-table-paris
File name: Shipping Doc.zip
Signature: Formbook
File size: 555'644 bytes
First seen: 2021-03-16 10:46:58 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:vFgquRvKdSBphamjlqRihGEVFIZScTBMGP9ZIVL:vXu5iGHpwiVIZd2GPyL
TLSH: BCC423EC503C3E0758DF1230CFD9E40F28586DE91D170F5B562ABEA2912A95BBE7212D
Reporter: abuse_ch
Tags: DHL FormBook zip


abuse_ch
Malspam distributing Formbook:

HELO: cloud-linux-05.chaiyohosting.com
Sending IP: 202.43.45.167
From: DHL SERVICE <operations@blueeast.com>
Subject: 回覆: Shipment Notice PI, Bill of Landing/invoices
Attachment: Shipping Doc.zip (contains "Shipping Doc.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 131
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: MALICIOUS

Details
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: ByteCode-MSIL.Trojan.Injuke
Status: Malicious
First seen: 2021-03-16 10:47:06 UTC
AV detection: 13 of 47 (27.66%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 1b56dc4089c0421e6664f6c12c30d9181875c295420541e49ad815d2f05f48ce (this sample)

Dropping: Formbook
Delivery method: Distributed via e-mail attachment
