MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4eb37d3b17352c7bf04c84c1ed97747e521b2720f6581af02377a35cf93d75e4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: 4eb37d3b17352c7bf04c84c1ed97747e521b2720f6581af02377a35cf93d75e4
SHA3-384 hash: 347ede51d451999426caf97e1e84f6f3265c587d04e9640846e470157c0cefd2bc7ed1103b50c0bcac7fcd37b956ed15
SHA1 hash: 8247af45774b9008368b808c9dca9d1e179a9306
MD5 hash: 467d9ce5025a4eb229ae44a39a7fb79e
humanhash: solar-michigan-artist-zebra
File name: PSJ21840.7z
Signature: Formbook
File size: 212'969 bytes
First seen: 2020-11-05 07:29:52 UTC
Last seen: 2020-11-05 15:46:33 UTC
File type: zip
MIME type: application/zip
ssdeep: 6144:jUzmaaobrKLPprzx73GVqZDGuQX8wW1TK/UthWJ1eozw:jwmaaUref4A0RX8dTiUaJBU
TLSH: 302412DAC46DAD1B15C50AFCE6CADF4ED4A4CD7BFB8A72C4595B2632348E0832C18391
Reporter: cocaman
Tags: 7z FormBook


cocaman
Malicious email (T1566.001)
From: ""Ceyhun"<office@pellyds.xyz>"
Received: "from rdns0.pellyds.xyz (rdns0.pellyds.xyz [64.227.13.128]) "
Date: "Wed, 4 Nov 2020 23:08:54 -0800"
Subject: "Payment"
Attachment: "PSJ21840.7z"

Intelligence


File Origin
# of uploads: 2
# of downloads: 80
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Spyware.Noon
Status: Malicious
First seen: 2020-11-05 06:45:29 UTC
File Type: Binary (Archive)
Extracted files: 2
AV detection: 21 of 48 (43.75%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 4eb37d3b17352c7bf04c84c1ed97747e521b2720f6581af02377a35cf93d75e4 (this sample)

Delivery method: Distributed via e-mail attachment
