MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 266165b8bff5df072dc75aa2f9d0262d1f745aa6a0955c4b9ab0a4b5ac4c7f99. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 6

Intelligence 6 IOCs YARA 2 File information Comments

SHA256 hash:	266165b8bff5df072dc75aa2f9d0262d1f745aa6a0955c4b9ab0a4b5ac4c7f99
SHA3-384 hash:	4354494e9bd93bab85f618380bd6cde8051b9dc46309de399fc19c00701c321f7f306c86c229c9eb631387d472283108
SHA1 hash:	6e480931af524bfd8489ce385938f14e67ea6695
MD5 hash:	51e38bcfafc7b234a93adc8171106e7c
humanhash:	arizona-december-quebec-eleven
File name:	=?UTF-8?Q?=D0=9D=D0=BE=D0=B2=D1=8B=D0=B9_=D0=BF=D0=BE=D1=80=D1=8F=D0=B4=D0=BE=D0=BA.zip?=
Download:	download sample
Signature	Formbook Create hunting rule
File size:	716'640 bytes
First seen:	2023-02-27 18:40:08 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	12288:sWWMFP5iRAkN9gub3el5DiCR3NUxCmb5qhQy0GKFSK/CpDeWAepx6lBXnjFQUCn:sdM52AkNtbSZiS9UsXdEkelD51Cn
TLSH	T172E423BDAED6F488C7694E75B71E3A30FF2AD49FE9421AAC4C40DE90516DF00A58CD18
TrID	80.0% (.ZIP) ZIP compressed archive (4000/1) 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter	cocaman
Tags:	FormBook zip zip?=

cocaman

Malicious email (T1566.001)
From: ""Centar za muziku" <czm@kolarac.rs>" (likely spoofed)
Received: "from smtp97.beotel.net (smtp97.beotel.net [194.106.162.97]) "
Date: "Mon, 27 Feb 2023 01:25:55 +0100"
Subject: "=?UTF-8?Q?RE:_=D0=9D=D0=9E=D0=92=D0=AB=D0=99_=D0=97=D0=90=D0=9A=D0=90=D0=97?="
Attachment: "=?UTF-8?Q?=D0=9D=D0=BE=D0=B2=D1=8B=D0=B9_=D0=BF=D0=BE=D1=80=D1=8F=D0=B4=D0=BE=D0=BA.zip?="

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:	Новый порядок.exe
File size:	880'640 bytes
SHA256 hash:	5dc78112397a04a6b3cef6f63aa0c817e641cb4cefb8fd91958cdfed48d57bbe
MD5 hash:	cf3f500e6a5a3a332789cf3c62f93f35
MIME type:	application/x-dosexec
Signature	Formbook

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.28872.BadIN4.UNOFFICIAL

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

packed

Link:

https://www.filescan.io/uploads/63fcf9400796d7d621e8ff0e/reports/630f804f-95da-4e90-a873-5d0d9cfd12d4/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/266165b8bff5df072dc75aa2f9d0262d1f745aa6a0955c4b9ab0a4b5ac4c7f99

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/266165b8bff5df072dc75aa2f9d0262d1f745aa6a0955c4b9ab0a4b5ac4c7f99

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/266165b8bff5df072dc75aa2f9d0262d1f745aa6a0955c4b9ab0a4b5ac4c7f99/

Threat name:

Win32.Trojan.Swotter

Status:

Malicious

First seen:

2023-02-27 17:50:36 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

7 of 39 (17.95%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ezqwlof76xpqolohlkrptubgfupxiwvguckvys42wcslllcmp6mq._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/266165b8bff5df072dc75aa2f9d0262d1f745aa6a0955c4b9ab0a4b5ac4c7f99

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.