MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 415a90f921c64a6d394a47ee7d485799e52372f43fb44038d1a8b618c5505689. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 5



SHA256 hash: 415a90f921c64a6d394a47ee7d485799e52372f43fb44038d1a8b618c5505689
SHA3-384 hash: 675635ab4844441e8648f1042bda859c6f6296638a7c0b128272facdaf2b88f644b5cb4f8a5a05d028b9e03687a27cfa
SHA1 hash: cae886e78bb14f5c08a7a30a40bc002764d8eb27
MD5 hash: 684193a9d92069975a12088b7fbb61ff
humanhash: potato-carolina-princess-nitrogen
File name: PO _ETPO.21.0430.zip
Signature: Formbook
File size: 396'731 bytes
First seen: 2021-04-01 05:53:29 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:ecJslyQpcsdTV4iJ2/DrA/dqTjiPcobOCTpz6jjwp0gCprFLXJr:ecJslyQPdmz/DrsqTePcoi6z6vXrH
TLSH: 6D84230B61401B22A5C6E575695C4DE2ABE7EF7E8D46FF4315DEB2F890361E08E2CC24
Reporter: cocaman
Tags: zip


cocaman
Malicious email (T1566.001)
From: "Ainun <purchases@ec1.evergrown.com>" (likely spoofed)
Received: "from ec1.evergrown.com (unknown [217.146.88.165]) "
Date: "01 Apr 2021 07:32:32 +0200"
Subject: "NEW ORDER DKL21-00041 "
Attachment: "PO _ETPO.21.0430.zip"

Intelligence


File Origin
# of uploads: 1
# of downloads: 83
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Spyware.Noon
Status: Malicious
First seen: 2021-04-01 05:54:08 UTC
File Type: Binary (Archive)
Extracted files: 10
AV detection: 4 of 47 (8.51%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 415a90f921c64a6d394a47ee7d485799e52372f43fb44038d1a8b618c5505689

(this sample)

  
Delivery method: Distributed via e-mail attachment

Comments