MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 40a87080ecc71f0a88e7ca6292bfcb94b0f11643fc225b3c735f554a5e780e60. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: 40a87080ecc71f0a88e7ca6292bfcb94b0f11643fc225b3c735f554a5e780e60
SHA3-384 hash: d474bb9f8244f8d30af76f18d56df74f44c2c1e0aafc6ed510b58659e99c25c7ed8340190d75d72b74f43675983e71ec
SHA1 hash: 6f4a63a2a83c23df28a3bac96d8eaebcd6f63879
MD5 hash: bb53f6f6cfe36f2285d4e11be4df9f75
humanhash: chicken-quebec-pasta-lithium
File name: DOCUMENT.7z
Signature: Formbook
File size: 260'920 bytes
First seen: 2020-10-29 09:59:47 UTC
Last seen: Never
File type: 7z
MIME type: application/x-rar
ssdeep: 6144:s85r0iGhdmgO+um6pNqnu4jtvF/OI7ECogCY:7wXR6Hqu4jtd/O6ECogP
TLSH: 94442380809275DF709CB9CD97C9125ED6BE7195A06F3A9EA7F002C67CFB2E0806D674
Reporter: cocaman
Tags: 7z


cocaman
Malicious email (T1566.001)
From: ""Expo Freight Ltd."<office@greapr.xyz>"
Received: "from rdns0.greapr.xyz (rdns0.greapr.xyz [143.110.148.94]) "
Date: "Thu, 29 Oct 2020 05:32:56 -0400"
Subject: "RE: RE: INVOICE+PL+ BL+SHIPMENT!"
Attachment: "DOCUMENT.7z"

Intelligence


File Origin
# of uploads: 1
# of downloads: 73
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Spyware.Noon
Status: Malicious
First seen: 2020-10-29 09:06:55 UTC
File Type: Binary (Archive)
Extracted files: 1
AV detection: 16 of 29 (55.17%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Formbook
7z 40a87080ecc71f0a88e7ca6292bfcb94b0f11643fc225b3c735f554a5e780e60 (this sample)

Delivery method: Distributed via e-mail attachment
