MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4ef912ba8f9cfbe827295f923edc2e3b11e0bb061070f1b75b3d5e1e59d1e8eb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: 4ef912ba8f9cfbe827295f923edc2e3b11e0bb061070f1b75b3d5e1e59d1e8eb
SHA3-384 hash: be3eaa4ee15da6857275b1ff5d368b9f62b0de2bb5e225ff0f82e66a231a5c49bb40f7a3ecd92abd5c600eb06f725569
SHA1 hash: d0c2635d509aa173129179e8346dec0e16db1863
MD5 hash: 48403eec26a42d2e2d053de67df6e493
humanhash: carbon-don-jig-pasta
File name: NOW PO n08765456789093.exe
Signature: Formbook
File size: 312'320 bytes
First seen: 2020-06-30 07:19:50 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 6144:lXpvMInqsmmLD+MNHaJGtSpjKWO8+hfnLFXBybWiSI/d7PQxAWOYw:lXpvMInqsLDjaEttswLR4S2BQxAWOYw
TLSH: 3564F136A3B9CF64EAB99BB560F154200FB17E1B2531E26D6DC064CE1977B0083A1F67
Reporter: @jarumlus


Mail intelligence

Trap location    Impact
CH Switzerland   Low
Global           Low

Number of uploads: 1
Number of downloads: 36
Origin country: FR (France)
CAPE Sandbox
  Detection: Formbook

CERT.PL MWDB
  Detection: formbook

ReversingLabs
  Status: Malicious
  Threat name: ByteCode-MSIL.Trojan.Nanocore
  First seen: 2020-06-30 07:20:07 UTC
  AV detection: 15 of 31 (48.39%)
  Threat level: 2/5

Spamhaus Hash Blocklist
  Status: Malicious file

Hatching Triage
  Score: 10/10
  Malware family: formbook
  Tags: trojan spyware stealer family:formbook persistence

VirusTotal
  VirusTotal results: 10.96%

Yara Signatures

Rule name: Formbook
  Author: JPCERT/CC Incident Response Group
  Description: detect Formbook in memory
  Reference: internal research

Rule name: win_formbook_auto
  Author: Felix Bilstein - yara-signator at cocacoding dot com
  Description: autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.
Executable exe 4ef912ba8f9cfbe827295f923edc2e3b11e0bb061070f1b75b3d5e1e59d1e8eb (this sample)

Delivery method: Distributed via e-mail attachment