MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1cf4a440f09eb870ac2eee86adbc4d74044d1be260d379ccd4fce3b8e0e3df6a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 5



SHA256 hash: 1cf4a440f09eb870ac2eee86adbc4d74044d1be260d379ccd4fce3b8e0e3df6a
SHA3-384 hash: fcdf0ea0efb10e58017be376f18d0e36e898f8c38193dec602a8ff0ce0775284e3d13492a1fd399e050b39072aa6082a
SHA1 hash: 1e4be3a573029b5f866a19ed9c22e9d91861944e
MD5 hash: 26beece36b944dac9fb86d072048fe45
humanhash: oxygen-seven-queen-sierra
File name: Export Invoices_Packing List.rar
Signature: Formbook
File size: 545'654 bytes
First seen: 2021-04-07 11:19:15 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:XGX7MnKLlYji9p/qpS/uXeEGkvICloLMia3EpF7ZqTmw:XGXEklGu0pS/uuEZvIoX3EpF70
TLSH: EDC4234B672236B934F3ADFE41491760C9E69B0E6EE28EF04C734535114F9A64FA24F4
Reporter: abuse_ch
Tags: rar


abuse_ch
Malspam distributing unidentified malware:

HELO: leoni.com
Sending IP: 103.153.183.156
From: <info@leoni.com>
Subject: Re:1x20ft Container Shipment - Factory Stuffing on 10th April 2021 / Export Invoice & Packing list
Attachment: Export Invoices_Packing List.rar (contains "Export Invoices_&Packing List.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 115
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Pwsx
Status: Malicious
First seen: 2021-04-07 11:20:11 UTC
AV detection: 10 of 48 (20.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via e-mail attachment
