MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 614f65e624aa49b9de0c5f605428091f4817745b857c930fc129aac6f23618d8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 614f65e624aa49b9de0c5f605428091f4817745b857c930fc129aac6f23618d8
SHA3-384 hash: 73c6f210b39c30cfbd814bfb604b8218758f15a289a6f938ff440bd51fd836248a99a4d39a67e35140e73803d389f4c4
SHA1 hash: bdd5ae976cc6e2542222066fb4932ae3ee5cd52f
MD5 hash: b13adf3cfbad8c04fdbe4fdd771bf9cd
humanhash: stairway-may-beryllium-magnesium
File name:order sales contract.zip
Download: download sample
Signature Formbook
Create hunting rule
File size:268'367 bytes
First seen:2020-08-14 05:53:15 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:YrX9yZZhBoLRQ1CBOX7UOQZ4Y2Lt5wxsKnILtgrwMJq3l:SCPozO7k3MbwxswI68aq3l
TLSH 624423F573BEDF594D1F06448CB65C327A0B3BD81A1DB6C38082366A3995D5AF2BC214
Reporter cocaman
Tags:FormBook zip


Avatar
cocaman
Malicious email
From: Leistritz <sales@kitswood.com>
Received: from kitswood.com (unknown [62.113.215.235])
Date: 13 Aug 2020 18:31:38 -0700
Subject: Contract Request/Purchase Order
Attachment: order sales contract.zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.25650.ZipHeur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/614f65e624aa49b9de0c5f605428091f4817745b857c930fc129aac6f23618d8/
Threat name:
ByteCode-MSIL.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-08-14 05:55:06 UTC
File Type:
Binary (Archive)
Extracted files:
7
AV detection:
22 of 29 (75.86%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mfhwlzrevje3txqml5qfikajd5ebo5c3qv6jgd6bfgvmn4rwddma._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/614f65e624aa49b9de0c5f605428091f4817745b857c930fc129aac6f23618d8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 614f65e624aa49b9de0c5f605428091f4817745b857c930fc129aac6f23618d8

(this sample)

Formbook

Executable exe b3289e282e7c031fde98778bac0057bad5d933c85da0b43d95f177c6333fc3c2

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b3289e282e7c031fde98778bac0057bad5d933c85da0b43d95f177c6333fc3c2
  
Dropping
Formbook

Comments