MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5f78f204c4573b95d5cd1cf48ccb73492402a043a158644984fd81a220ac74f0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 4



SHA256 hash: 5f78f204c4573b95d5cd1cf48ccb73492402a043a158644984fd81a220ac74f0
SHA3-384 hash: 63e361dbf5d8a04b4f85b5cd686b247b3bf84529ff722bfcd2de8de22e672541d4cee138d95e3b1eb8c5ebef2e48a616
SHA1 hash: 4cc3d0804bf72fc532d78a19faebe594c8b1220e
MD5 hash: 5a72dcd2f683cd77dc7642d45d4060de
humanhash: vermont-mississippi-bakerloo-gee
File name: Payment_4372889.lzh
Signature: Formbook
File size: 815'104 bytes
First seen: 2021-01-18 09:06:50 UTC
Last seen: Never
File type: lzh
MIME type: application/x-iso9660-image
ssdeep: 12288:wVUQ/6AbON2NdJxJF0ypc4BsgMBaaIocOPjrqi0aAyEr5bBBlGh+:/QCAPdJx24elcOPP/EVQh
TLSH: 95058C1457DDCB21E7FCA7F9AD1090A032A9E685F268E77CD976B0916922C3804DFF90
Reporter: abuse_ch
Tags: FormBook lzh


abuse_ch
Malspam distributing Formbook:

HELO: smtp2.hiworks.co.kr
Sending IP: 121.254.168.210
From: 조재민 <newiz8@dsmecasys.com>
Reply-To: "조재민" <newiz8@dsmecasys.com>
Subject: RE:OUTSTANDING PAYMENT
Attachment: Payment_4372889.lzh (contains "Payment_4372889.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 134
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2021-01-17 22:59:56 UTC
AV detection: 3 of 46 (6.52%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
Formbook
lzh 5f78f204c4573b95d5cd1cf48ccb73492402a043a158644984fd81a220ac74f0 (this sample)
Dropping Formbook
Delivery method: Distributed via e-mail attachment
