MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6002f3f11291a303b7b38c97aa8446ef0b99ecd5aa5ae2aecdda388e97489532. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 6002f3f11291a303b7b38c97aa8446ef0b99ecd5aa5ae2aecdda388e97489532
SHA3-384 hash: 37c0e356256f73c738b198fc5abec0695750c21615203ea18f6893871f590f8611d36f947d8599efdad0f2f59889d181
SHA1 hash: c84511e9137408963f0ac4da7a993f9fddb311c2
MD5 hash: eae6712971ff7e69bfae77f9fbd99ac1
humanhash: fifteen-neptune-blossom-tango
File name: Xxfgbqr.exe
Signature: FormBook
File size: 696'320 bytes
First seen: 2020-06-30 12:11:40 UTC
Last seen: 2020-06-30 13:11:08 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 3dbf6c2cd2886e109ef90dcce86638b7
ssdeep: 12288:ae7+LHvP79bjBoxHyzKXAzgqGD4cdCIJuxd6Ur5IScz5ISF+gAuA1KzqrRUyqqj1:Fq779bjBoAzKXAPC4rYX/ebP2ccjc
TLSH: 13E4CF21B3D0953BDD5B1BB48C0F6AA86C267DA02E99584F3AF81CCE6B7D361342D153
Reporter: @abuse_ch
Tags: exe FormBook


Twitter
@abuse_ch
Malspam distributing FormBook:

HELO: shbc10.ultina.jp
Sending IP: 218.40.207.10
From: B Bayar Group Industry <zhaojun@cetjd.com>
Reply-To: zhaojun@cetjd.com
Subject: INQUIRY
Attachment: Xxfgbqr Order 6239.rar (contains "Xxfgbqr.exe")

Intelligence


Mail intelligence:
  Trap location: Global
  Impact: Low
# of uploads: 2
# of downloads: 32
Origin country: FR
CAPE Sandbox:
  Detection: n/a
  Link: https://www.capesandbox.com/analysis/17114/
ClamAV:
  PUA.Win.Adware.Slugin-6803969-0
  PUA.Win.Adware.Slugin-6840354-0
CERT.PL MWDB:
  Detection: n/a
  Link: https://mwdb.cert.pl/sample/6002f3f11291a303b7b38c97aa8446ef0b99ecd5aa5ae2aecdda388e97489532/
ReversingLabs:
  Status: Malicious
  Threat name: Win32.Trojan.Noon
  First seen: 2020-06-30 12:13:04 UTC
  AV detection: 25 of 31 (80.65%)
  Threat level: 5/5
Spamhaus Hash Blocklist: Malicious file
Hatching Triage:
  Score: 7/10
  Malware Family: n/a
  Link: https://tria.ge/reports/200630-mptbykmwz6/
  Tags: persistence spyware evasion trojan
VirusTotal: Virustotal results 17.81%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by: MD5 d2311c3408fa79d34b34b499290ba548
Delivery method: Distributed via e-mail attachment

Comments