MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 255008609396fe2a40a097e7267a6d73cae83d9f215bfa5ead78e066530fc312. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 255008609396fe2a40a097e7267a6d73cae83d9f215bfa5ead78e066530fc312
SHA3-384 hash: 026ec5c402e2d876b3538ea3a6b3f2d7a138de35000b5f4e7f097069c4b50a3c22577bea608d110430d8fa62ff3b54f4
SHA1 hash: 34d2c60541538fe9b77a5c7e38e6da5999f4e22b
MD5 hash: 275a87bf834cbd8e9c308ff72f8fbba3
humanhash: social-spring-hot-thirteen
File name:PO PL.7z
Download: download sample
Signature Formbook
Create hunting rule
File size:415'652 bytes
First seen:2021-04-01 07:22:04 UTC
Last seen:Never
File type: 7z
MIME type:application/x-7z-compressed
ssdeep 12288:sNmTb6TQb+QOddec96IU1h4fV11jHdQnvHq:sNyb6Mb+QYAc9kCfV11peK
TLSH 439423D9EE147CE4B64DA63A3A8088BE98459723FF325335C0F676EE0D28C5D52D40B6
Reporter abuse_ch
Tags:7z


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: host.fullbdc.com
Sending IP: 92.204.129.152
From: Paul Len <plen@speednetllc.com>
Subject: Fw: RE: BA- PO PL CONFIRM9903846
Attachment: PO PL.7z (contains "PO PL.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
106
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.25544.7zHeur.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/255008609396fe2a40a097e7267a6d73cae83d9f215bfa5ead78e066530fc312/
Threat name:
ByteCode-MSIL.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2021-04-01 07:22:15 UTC
AV detection:
10 of 44 (22.73%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=eviaqyets37cuqfas7tsm6tnopfoqpm7efn7uxvnpdqgmuypymja._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.40
Link:
https://yomi.yoroi.company/submissions/255008609396fe2a40a097e7267a6d73cae83d9f215bfa5ead78e066530fc312

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

7z 255008609396fe2a40a097e7267a6d73cae83d9f215bfa5ead78e066530fc312

(this sample)

Formbook

Executable exe 7f6694752a3e50d4f811fb5c807f305ba5c4b422c3fa10468132575c6c2505b6

  
Dropping
MD5 146df9b86840579f7bdf40693a83edc9
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7f6694752a3e50d4f811fb5c807f305ba5c4b422c3fa10468132575c6c2505b6

Comments