MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 353ea4a828341e4336bcc91c383cdd8a8f3447055aae3bee767cadd203b87e7f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 353ea4a828341e4336bcc91c383cdd8a8f3447055aae3bee767cadd203b87e7f
SHA3-384 hash: a740fe27cfc5c0b45cec2820dc7a31d52825eaf4a298ce56e1d455b4d639d7caa4bf5ee45f8f79bd970dd9d6e0e13351
SHA1 hash: c985cf04614fbc59cc6718f2b53676e9cac96d17
MD5 hash: 2fb875a6512249da282a67f657ef6e74
humanhash: fish-aspen-table-south
File name:INTABINA.zip
Download: download sample
Signature Formbook
Create hunting rule
File size:514'075 bytes
First seen:2020-10-27 12:24:59 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:eYhnkCGfkok2cyb4UE7aUVKqmBE9EcW4fTZ9YmVE8Ye:tiD3qaUoVBEDRTZRm8Ye
TLSH EFB42359F1536CA48B20E79F416B2AF5B57EB4BB3D037C79DE636F02032586880449EB
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: mail.intabina.com
Sending IP: 113.23.216.119
From: azhar@intabina.com <azhar@intabina.com>
Reply-To: azhar@intabina.com
Subject: FW; PO
Attachment: INTABINA.zip (contains "INTABINA.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
98
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.InjectNET.14.2948.17010.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/353ea4a828341e4336bcc91c383cdd8a8f3447055aae3bee767cadd203b87e7f/
Threat name:
ByteCode-MSIL.Trojan.Ymacco
Create hunting rule
Status:
Malicious
First seen:
2020-10-27 01:31:18 UTC
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gu7kjkbigqpegnv4zeodqpg5rkhtiryflkxdx3twpsw5ea5ypz7q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Formbook
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/353ea4a828341e4336bcc91c383cdd8a8f3447055aae3bee767cadd203b87e7f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 353ea4a828341e4336bcc91c383cdd8a8f3447055aae3bee767cadd203b87e7f

(this sample)

Formbook

Executable exe 3703314f1bc96e78c1b3378534c311eec37ead98618ba0b2e6c4e7483a25f097

  
Dropping
MD5 fd2c5f1e7a76dd249637f444209d0241
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3703314f1bc96e78c1b3378534c311eec37ead98618ba0b2e6c4e7483a25f097

Comments