MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2c7c8ca2ef61dcfa24d6f46abd79caf21e2fefb14177e5d9a81deb6497a40439. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2c7c8ca2ef61dcfa24d6f46abd79caf21e2fefb14177e5d9a81deb6497a40439
SHA3-384 hash: e9261e66b61144e1c09ca07439bd7cf4c49fe6ab32017720126a4963037c4c3e78a49b82c35cbbc38febee40ee3fac5f
SHA1 hash: 08828806cb5d189d7084c45f009f52ba36b5fb1b
MD5 hash: 394465d0a1cea0029e745740733a0672
humanhash: summer-mockingbird-ink-don
File name:payment copy.r05
Download: download sample
Signature Formbook
Create hunting rule
File size:654'541 bytes
First seen:2022-08-31 09:12:03 UTC
Last seen:Never
File type: r05
MIME type:application/x-rar
ssdeep 12288:FC3j2XXN46NJB/qcASbi/1ZR/QKndxwNEzu19yrfT0nK/zqqDF:FPXaMicRS1PQ8I+z1rfT0KbfR
TLSH T181D42357FE978CAA6DE0ED92B7F64E07D58CDEC520409C9C0C9BE144D89B1A1843B4F6
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter cocaman
Tags:FormBook payment r05 SWIFT


Avatar
cocaman
Malicious email (T1566.001)
From: "jenny@intraspare.co.kr" (likely spoofed)
Received: "from intraspare.co.kr (unknown [103.180.134.230]) "
Date: "30 Aug 2022 11:59:13 -0700"
Subject: "FW; RE: Swift Transfer"
Attachment: "payment copy.r05"

Intelligence

File Origin
# of uploads :
1
# of downloads :
209
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2c7c8ca2ef61dcfa24d6f46abd79caf21e2fefb14177e5d9a81deb6497a40439/
Threat name:
ByteCode-MSIL.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2022-08-30 12:59:45 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
19 of 26 (73.08%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=fr6izixpmhopujgw6rvl26ok6ipc735rif36lwnidxvwjf5eaq4q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

r05 2c7c8ca2ef61dcfa24d6f46abd79caf21e2fefb14177e5d9a81deb6497a40439

(this sample)

Formbook

Executable exe fb5a90845a71261e24e098d49e4878b8672dc0e6a29ba1ef79a52ad824fe37fa

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 fb5a90845a71261e24e098d49e4878b8672dc0e6a29ba1ef79a52ad824fe37fa
  
Dropping
Formbook

Comments