MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 222bb76a9361bcb5674ff2a7563e3c5a681840d3dc69271191d288ce8875c931. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 7


Intelligence 7 IOCs YARA 5 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 222bb76a9361bcb5674ff2a7563e3c5a681840d3dc69271191d288ce8875c931
SHA3-384 hash: a219bd6810e35a261cdb4af713788f7dee678838facf3fe663424be715dc3baa50571dd8a946cab06adc4a1b94c4eb94
SHA1 hash: 0dd2bf63716df6143f9e9321e6c773485cc5f6ba
MD5 hash: c28343a886e269ef339af302f27c016f
humanhash: dakota-kitten-hydrogen-ack
File name:Quote for revised order.rar
Download: download sample
Signature Formbook
Create hunting rule
File size:777'742 bytes
First seen:2024-08-03 09:46:21 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:gBicwsq7AQ22bpeJ6QGkHGoo4nMAavC1M/ZvBfhWRUYqRIgyPgqbVbfRfAekC+DU:gU722bUceHGInMnCuhxhvsoefyPJ5A
TLSH T179F4332D5B251F9F4E0400B88F2F8FD1A45EDEDE6A7DAC6ABF41EAC41F67A540D90600
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter cocaman
Tags:FormBook rar


Avatar
cocaman
Malicious email (T1566.001)
From: "TINACHEN<TINACHEN@time-interconnect.com>" (likely spoofed)
Received: "from time-interconnect.com (unknown [185.222.58.57]) "
Date: "1 Aug 2024 05:13:27 +0200"
Subject: "Re: Quote for revised order"
Attachment: "Quote for revised order.rar"

Intelligence

File Origin
# of uploads :
1
# of downloads :
430
Origin country :
CH CH
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:Quote for revised order.exe
File size:824'320 bytes
SHA256 hash: 18e5ff8af38bd3bd2a0a497543241be74cf4ce575cc5c564cd34e6e3f41122aa
MD5 hash: b160e34919e8e4b81bd8414f6f680126
MIME type:application/x-dosexec
Signature Formbook
Vendor Threat Intelligence
Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=66aafee6037b02d0daecd7f1
Tags:
Execution Stealth Swotter
Gathering data
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/222bb76a9361bcb5674ff2a7563e3c5a681840d3dc69271191d288ce8875c931
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/222bb76a9361bcb5674ff2a7563e3c5a681840d3dc69271191d288ce8875c931/
Threat name:
ByteCode-MSIL.Trojan.SuspMsilIn7zEmail
Create hunting rule
Status:
Malicious
First seen:
2024-08-01 03:47:40 UTC
File Type:
Binary (Archive)
Extracted files:
17
AV detection:
23 of 38 (60.53%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=eiv3o2utmg6lkz2p6ktvmpr4ljubqqgt3rusoemr2kem5cdvzeyq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/222bb76a9361bcb5674ff2a7563e3c5a681840d3dc69271191d288ce8875c931

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:NETexecutableMicrosoft
Create hunting rule
Author:malware-lu
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar 222bb76a9361bcb5674ff2a7563e3c5a681840d3dc69271191d288ce8875c931

(this sample)

Formbook

Executable exe 18e5ff8af38bd3bd2a0a497543241be74cf4ce575cc5c564cd34e6e3f41122aa

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 18e5ff8af38bd3bd2a0a497543241be74cf4ce575cc5c564cd34e6e3f41122aa
  
Dropping
Formbook

Comments