MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3378da55cad4b9faa27a9efd984da96675e4bfceb2af71898fed582c2d6622ae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3378da55cad4b9faa27a9efd984da96675e4bfceb2af71898fed582c2d6622ae
SHA3-384 hash: 7e6af99cbf455cf69fbe84c7360a10796c65ed03efb3e23bca57dec6573a5f56097204e3d8ca1bbbc7132fd7ebd77d69
SHA1 hash: def8dc61f3eb99ed863c85c1754f436b846183f8
MD5 hash: eabbe50a98e578b908b872bbda693bdf
humanhash: network-october-angel-speaker
File name:DEBIT NOTE-1C017A.zip
Download: download sample
Signature Formbook
Create hunting rule
File size:341'926 bytes
First seen:2020-12-22 12:46:34 UTC
Last seen:2020-12-24 08:51:37 UTC
File type: zip
MIME type:application/zip
ssdeep 6144:jOXjjcxh2qCENZ9UgYXB90ylfduAv1EHRyHOTY3Ir4fTrNCoQ:ifQIqCENZ9PYx90IhSRPTUfTrkH
TLSH 577423CCA8D122588E353909733F297D595C016ECFFCD885256A8DE9AFECB846B09F50
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: bmo.com
Sending IP: 79.110.52.80
From: Jenny Jiang <Jenny.Jiang@bmo.com>
Subject: Balance Payment Advice for victim-domain
Attachment: DEBIT NOTE-1C017A.zip (contains "DEBIT NOTE-1C017A.exe")

Intelligence

File Origin
# of uploads :
4
# of downloads :
170
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen11.56307.13143.8829.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3378da55cad4b9faa27a9efd984da96675e4bfceb2af71898fed582c2d6622ae/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gn4nuvok2s47vit2t36zqtnjmz26jp6owkxxdcmp5vmcyllgekxa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/3378da55cad4b9faa27a9efd984da96675e4bfceb2af71898fed582c2d6622ae

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 3378da55cad4b9faa27a9efd984da96675e4bfceb2af71898fed582c2d6622ae

(this sample)

Formbook

Executable exe 24ab4616829b8c7bce068426184e9ff9ac006208ab47160890cb92a08f0bc885

  
Dropping
MD5 96cfbbcf69c9318fad4ec90d5523d8b5
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 24ab4616829b8c7bce068426184e9ff9ac006208ab47160890cb92a08f0bc885

Comments