MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 25e3bcddb7cea53d128677ccab441d5561d78435bfa3a804f9ceb878170ab765. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 25e3bcddb7cea53d128677ccab441d5561d78435bfa3a804f9ceb878170ab765
SHA3-384 hash: 36f940bae7a8d65397e56e45b69fc8f798ba9f54f1f2b0d47f0b742b79feef70869eaad28a94fb2d01ce943a747a88e6
SHA1 hash: 74251e4fafcf22ea0c0eab1c556413b2f5b2fa1c
MD5 hash: 1e5460a3ed1c51145a02fb43cd6dd3c3
humanhash: fish-mexico-quiet-east
File name:001207.zip
Download: download sample
Signature Formbook
Create hunting rule
File size:471'357 bytes
First seen:2020-12-07 06:31:50 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:/ZtNCPMpo6fNsSN5QotRV2RkySNJS7yznk:/NCT+si5nV2u/N8+nk
TLSH 81A4231A373310CD735B7B9DA3BBA41EB0EB9D714691285F4CB0BAB8502E6316361571
Reporter cocaman
Tags:zip


Avatar
cocaman
Malicious email (T1566.001)
From: ""SURYA SDN BHD" <office@goslesey.com>" (likely spoofed)
Received: "from slot0.goslesey.com (slot0.goslesey.com [45.85.90.157]) "
Date: "Sun, 06 Dec 2020 19:28:10 -0800"
Subject: "BANK IN RECEIPT"
Attachment: "001207.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
122
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_exenum416.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/25e3bcddb7cea53d128677ccab441d5561d78435bfa3a804f9ceb878170ab765/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=exr3zxnxz2st2eugo7gkwra5kvq5pbbvx6r2qbhzz24hqfykw5sq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
MassLogger
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/25e3bcddb7cea53d128677ccab441d5561d78435bfa3a804f9ceb878170ab765

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 25e3bcddb7cea53d128677ccab441d5561d78435bfa3a804f9ceb878170ab765

(this sample)

Formbook

Executable exe d809df216f28368e1bc3de96702139476f8f2364d2d6e82dec7a540815bc83c0

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d809df216f28368e1bc3de96702139476f8f2364d2d6e82dec7a540815bc83c0

Comments