MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 32f8037b6736013380708b6ec92c1df935b0845f3ee203291113851d187e2433. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 32f8037b6736013380708b6ec92c1df935b0845f3ee203291113851d187e2433
SHA3-384 hash: e5e0a2785d2dfd883365bf3b271682d51282a7384f15a87e306eda31352de6bcd224c8a6d174c10e5d4e32837f6d6e6f
SHA1 hash: 976d7c68c4c6c536b6e1c9829d55cc6ee4f7fac8
MD5 hash: 19b79a67924d3165cc8a2642df7bd230
humanhash: speaker-berlin-oscar-venus
File name:KEIN NOODLES MANUFACTURERS.zip
Download: download sample
Signature Formbook
Create hunting rule
File size:569'895 bytes
First seen:2020-10-26 12:54:56 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:+gBSjJ1Y6jddoR8gMNX0ifZpPLdAXYbO3eNUiup1osVYEtGd:9BWJ1Y6W8LB5dAkdNUiuksVVm
TLSH 1DC4237B6DF5A40D35E403372585E7A01326421CA6E6BE28809B7A2D5C9738D0FF5E4F
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: ns5000173.ip-192-99-200.net
Sending IP: 192.99.200.60
From: Manoj Sreedharan <keinnoodles.hr@gmail.com>
Reply-To: engineering@engineer.com
Subject: Kein Noodles / Request For Quotation
Attachment: KEIN NOODLES MANUFACTURERS.zip (contains "KEIN NOODLES MANUFACTURERS.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Inject4.3919.27457.839.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/32f8037b6736013380708b6ec92c1df935b0845f3ee203291113851d187e2433/
Threat name:
ByteCode-MSIL.Trojan.Taskun
Create hunting rule
Status:
Malicious
First seen:
2020-10-26 01:15:11 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gl4ag63hgyathadqrnxmsla57e23bbc7h3ragkircocr2gd6eqzq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 32f8037b6736013380708b6ec92c1df935b0845f3ee203291113851d187e2433

(this sample)

Formbook

Executable exe 60831f31acc48a952e24869954c79277d27eeddb14c10d76d0a3b6e61a8e343d

  
Dropping
MD5 1838db9019cd3ad06fde8722e07c6045
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 60831f31acc48a952e24869954c79277d27eeddb14c10d76d0a3b6e61a8e343d

Comments