MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 535d79f95e1efb6566ed4acc9d6cf1cb38bf9da4aa43b0ad224bd17ba7a58d12. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 4



SHA256 hash: 535d79f95e1efb6566ed4acc9d6cf1cb38bf9da4aa43b0ad224bd17ba7a58d12
SHA3-384 hash: 5d08775b09f3f0a3c57d9e2e193ad44dfa13c2b79cfe9edbab431610c93276ab361eb961a16396909cdc58f4e025b0c5
SHA1 hash: dd2920a42353b44dea14d04947e4c0c3a887b318
MD5 hash: 3989bac13eca4e0a870fe86da1a9b6aa
humanhash: friend-single-florida-hot
File name: inquiry.img
Signature: Formbook
File size: 1'245'184 bytes
First seen: 2020-11-18 12:11:47 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 6144:hgjOG/+s+L55QQiHIMQZzPiuUn3upXjyKsgpDFV6aZp:hgjONs+F5QQjRZuAzyKsgpDn6
TLSH: DD45E0317181C073D5A7113894E9CBB5BABDB43217696AC37BDC4BBE0F212E2973524A
Reporter: abuse_ch
Tags: FormBook img


abuse_ch
Malspam distributing Formbook:

HELO: CleanAT_FortiMail.mail.cleanat.com
Sending IP: 115.90.39.122
From: Deniz Geyik<info@elektrikdunyasi.com.tr>
Reply-To: info@elektrikdunyasi.com.tr
Subject: Inquiry for avaliable products/delivery
Attachment: inquiry.img (contains "Invoice.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 95
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Win32.Trojan.Zmutzy
Status: Malicious
First seen: 2020-11-18 12:12:06 UTC
AV detection: 8 of 48 (16.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

img 535d79f95e1efb6566ed4acc9d6cf1cb38bf9da4aa43b0ad224bd17ba7a58d12 (this sample)

  
Dropping: Formbook
Delivery method: Distributed via e-mail attachment
