MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 321d873997c3568cd7742f195eb6118860620bf44c6e1dbe16e6c2123cca5cbf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 5



SHA256 hash: 321d873997c3568cd7742f195eb6118860620bf44c6e1dbe16e6c2123cca5cbf
SHA3-384 hash: 8e935a6a0522ad22dbf5aaea5befb1b44ebd5f979f16bdd4c1c7a32d4a6a98dda76e332385c1437e481faf64efde313f
SHA1 hash: 98f7336c9825ac508495cd78365bd1a2e8c13691
MD5 hash: 8fa695655d43a0d7880e5a1cad359f59
humanhash: carbon-two-london-double
File name: Pepsico LLC RFQ Information.IMG
Signature: Formbook
File size: 1'409'024 bytes
First seen: 2022-11-11 09:56:17 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 6144:6Iw3X5w5gRQuyfcXvTmSEbqi7bpHxVxYpTSEd:Qw5AQmvqS07bpHxPYp+
TLSH: T18E65E0213B528037DC250A390C539EA64FA2DC13267C9617336CB7A52F33F689D5EB99
TrID: 99.4% (.NULL) null bytes (2048000/1)
      0.2% (.ISO) ISO 9660 CD image (5100/59/2)
      0.2% (.ATN) Photoshop Action (5007/6/1)
      0.0% (.BIN/MACBIN) MacBinary 1 (1033/5)
      0.0% (.ABR) Adobe PhotoShop Brush (1002/3)
Reporter: cocaman
Tags: FormBook img RFQ


cocaman
Malicious email (T1566.001)
From: "Shaimaa Gaber - Pepsico LLC Procurement Operations <peporder.me@pepsico.com>" (likely spoofed)
Received: "from ns-358.awsdns-44.com (unknown [65.60.40.105]) "
Date: "10 Nov 2022 15:40:51 -0600"
Subject: "Pepsico LLC RFQ P1002518"
Attachment: "Pepsico LLC RFQ Information.IMG"

Intelligence


File Origin
# of uploads: 1
# of downloads: 103
Origin country: n/a
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: Pepsico LLC RFQ Information.com
File size: 256'808 bytes
SHA256 hash: 094dc63a99e7f4978723577fdbbbadc74ffa4b907368c0cd48b3d0b5f14e3fbc
MD5 hash: d0347dd826e8aaf5b7e999f1d5ff818c
MIME type: application/x-dosexec
Signature: Formbook
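The file archive information above shows that the .IMG attachment is an ISO 9660 disc image wrapping a single .com executable, and the TrID result shows the image is 99.4% null bytes. As an added example (not MalwareBazaar's code and not derived from the sample itself), the following Python script performs the analyst's first triage step without mounting the attachment: it checks for the CD001 volume descriptor regardless of file extension, measures how much of the image is null padding, walks the root directory and hashes every file. The image it runs on is constructed in memory to mimic that layout; the file name PEPSICO.COM and the 64-byte MZ payload are made up for the example.

```python
"""Triage a disc-image mail attachment without mounting it.

Added example, not MalwareBazaar's code. Reads the ISO 9660 primary volume
descriptor, walks the root directory and hashes each file. The image it
parses is constructed in memory; its file name and payload are made up.
"""
import hashlib
import struct

SECTOR = 2048                            # ISO 9660 logical block size
PVD_SECTOR = 16                          # first volume descriptor lives at LBA 16
DIR_FLAG = 0x02                          # directory bit in the file flags byte
SAMPLE_PAYLOAD = b"MZ" + b"\x90" * 62    # constructed stand-in for the .com file


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _dir_record(name: bytes, extent: int, size: int, flags: int) -> bytes:
    """Encode one ISO 9660 directory record (ECMA-119, section 9.1)."""
    body = bytes(1)                                                  # ext. attribute length
    body += struct.pack("<I", extent) + struct.pack(">I", extent)    # extent LBA, both-endian
    body += struct.pack("<I", size) + struct.pack(">I", size)        # data length, both-endian
    body += bytes(7)                                                 # recording date/time
    body += bytes([flags]) + bytes(2)                                # flags, unit size, gap size
    body += struct.pack("<H", 1) + struct.pack(">H", 1)              # volume sequence number
    body += bytes([len(name)]) + name
    if len(body) % 2 == 0:               # total record length (1 + body) must be even
        body += bytes(1)
    return bytes([len(body) + 1]) + body


def build_sample_image() -> bytes:
    """Constructed 20-sector image: PVD, terminator, root directory, one file."""
    img = bytearray(SECTOR * 20)
    pvd = PVD_SECTOR * SECTOR
    img[pvd:pvd + 7] = b"\x01CD001\x01"                       # type 1 = primary, id, version
    img[pvd + 128:pvd + 132] = struct.pack("<H", SECTOR) + struct.pack(">H", SECTOR)
    img[pvd + 156:pvd + 190] = _dir_record(b"\x00", 18, SECTOR, DIR_FLAG)  # root dir record
    term = (PVD_SECTOR + 1) * SECTOR
    img[term:term + 7] = b"\xffCD001\x01"                     # volume descriptor set terminator
    recs = (_dir_record(b"\x00", 18, SECTOR, DIR_FLAG)        # "."
            + _dir_record(b"\x01", 18, SECTOR, DIR_FLAG)      # ".."
            + _dir_record(b"PEPSICO.COM;1", 19, len(SAMPLE_PAYLOAD), 0))
    img[18 * SECTOR:18 * SECTOR + len(recs)] = recs
    img[19 * SECTOR:19 * SECTOR + len(SAMPLE_PAYLOAD)] = SAMPLE_PAYLOAD
    return bytes(img)


def is_iso9660(data: bytes) -> bool:
    """Signature check that does not trust the file extension."""
    off = PVD_SECTOR * SECTOR
    return len(data) >= off + 7 and data[off + 1:off + 6] == b"CD001"


def _records(data: bytes, extent: int, size: int):
    """Yield (name, extent, size, flags) for each record in a directory extent."""
    off, end = extent * SECTOR, extent * SECTOR + size
    while off < end:
        length = data[off]
        if length == 0:                  # records never span sectors; skip the padding
            off = (off // SECTOR + 1) * SECTOR
            continue
        ext = struct.unpack_from("<I", data, off + 2)[0]
        sz = struct.unpack_from("<I", data, off + 10)[0]
        flags = data[off + 25]
        nlen = data[off + 32]
        yield data[off + 33:off + 33 + nlen], ext, sz, flags
        off += length


def list_files(data: bytes, extent=None, size=None, prefix=""):
    """Walk the directory tree starting from the root record inside the PVD."""
    if extent is None:
        root = PVD_SECTOR * SECTOR + 156
        extent = struct.unpack_from("<I", data, root + 2)[0]
        size = struct.unpack_from("<I", data, root + 10)[0]
    files = []
    for name, ext, sz, flags in _records(data, extent, size):
        if name in (b"\x00", b"\x01"):   # "." and ".."
            continue
        text = name.decode("ascii", "replace").split(";")[0]   # drop the ";1" version suffix
        if flags & DIR_FLAG:
            files += list_files(data, ext, sz, prefix + text + "/")
            continue
        blob = data[ext * SECTOR:ext * SECTOR + sz]
        files.append({"path": prefix + text, "size": sz,
                      "sha256": sha256_hex(blob), "mz_header": blob[:2] == b"MZ"})
    return files


def triage(data: bytes) -> dict:
    """Is it really an ISO, how much of it is padding, and what is inside."""
    null_ratio = data.count(0) / len(data) if data else 0.0
    iso = is_iso9660(data)
    return {"iso9660": iso, "null_ratio": round(null_ratio, 4),
            "files": list_files(data) if iso else []}


if __name__ == "__main__":
    for key, value in triage(build_sample_image()).items():
        print(key, value)
```

Run against a real attachment, `triage(open(path, "rb").read())` gives the inner file hashes to pivot on (the SHA256 of the extracted .com above is what MalwareBazaar lists under File Archive Information) and a null-byte ratio that, combined with a single small executable as the only content, is a strong indicator of a disc-image lure rather than a legitimate image. The parser deliberately reads only the little-endian copy of each both-endian field and ignores Joliet and Rock Ridge extensions; it is a triage tool, not a full ISO 9660 implementation.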
Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: context-iso overlay packed shell32.dll
Result
Verdict: MALICIOUS
Threat name: Win32.Trojan.GuLoader
Status: Malicious
First seen: 2022-11-10 21:17:41 UTC
File Type: Binary (Archive)
Extracted files: 5
AV detection: 14 of 26 (53.85%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam | Formbook | img 321d873997c3568cd7742f195eb6118860620bf44c6e1dbe16e6c2123cca5cbf (this sample)

Delivery method: Distributed via e-mail attachment

Comments