MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 38111059598ff712e5bafbebc9a6b5295251001b558b53fddb66b9ce32aaa802. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 38111059598ff712e5bafbebc9a6b5295251001b558b53fddb66b9ce32aaa802
SHA3-384 hash: 31ccc4c211266c2cb485dad946a249870356762343799276de7b28272a7ed1c775b8c35217b8702eb33e5d867eecb70c
SHA1 hash: 7eb6a674e8166bd1b66cda35d096360941fb2489
MD5 hash: 0b37cd316602da27d779c95b34707120
humanhash: georgia-romeo-item-wisconsin
File name:PO2103019BGT.gz
Download: download sample
Signature Formbook
Create hunting rule
File size:411'557 bytes
First seen:2021-04-06 05:25:17 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 12288:4c32Z9mroCVoS69HctJMCcFHYhenr7uVv/5oC4SqXY:4cEmroCVBm8tMeRbd
TLSH A994232F6F5192FCA13F237D5EAA8583642980B8FF8BC491490E49E65E16E5037FC50B
Reporter cocaman
Tags:FormBook gz INVOICE


Avatar
cocaman
Malicious email (T1566.001)
From: "=?UTF-8?Q?Yanvy=C2=A0=C2=A0=E8=AE=B8=E9=9B=85=E5=A9=B7?=
<sale-yanvy@xhypackaging.com>" (likely spoofed)
Received: "from mail.saresoft.net (mail.saresoft.net [82.223.102.124]) "
Date: "Mon, 05 Apr 2021 08:21:04 -0700"
Subject: "RE: Invoice Needed - PO2103019BGT"
Attachment: "PO2103019BGT.gz"

Intelligence

File Origin
# of uploads :
1
# of downloads :
112
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/38111059598ff712e5bafbebc9a6b5295251001b558b53fddb66b9ce32aaa802/
Threat name:
Win32.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2021-04-05 09:47:15 UTC
File Type:
Binary (Archive)
Extracted files:
5
AV detection:
11 of 29 (37.93%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hairawkzr73rfzn27pv4tjvvffjfcaa3kwfvh7o3m2444mvkvaba._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.67
Link:
https://yomi.yoroi.company/submissions/38111059598ff712e5bafbebc9a6b5295251001b558b53fddb66b9ce32aaa802

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

gz 38111059598ff712e5bafbebc9a6b5295251001b558b53fddb66b9ce32aaa802

(this sample)

Formbook

Executable exe 0fce851d001cb1a92a7939eb6a9fac428f5fd9750caa9a1981e27fd659c32c03

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0fce851d001cb1a92a7939eb6a9fac428f5fd9750caa9a1981e27fd659c32c03
  
Dropping
Formbook

Comments