MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 62baa08259d516e76060dc5cd5ad84b2175568ef4d55ca2e119168ffab481280. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 4



SHA256 hash: 62baa08259d516e76060dc5cd5ad84b2175568ef4d55ca2e119168ffab481280
SHA3-384 hash: e479bf6d973f95b07ee811f62bacf7cdf9ae63063d4be700d25b2c35f73ee8dd6f824a013a03b2b43341fd7215d3bc32
SHA1 hash: ef8a276c3dbe71d0f7cffcd089555d12adf92316
MD5 hash: eae4871ccde304d6a07e04f17db0f92a
humanhash: may-solar-echo-iowa
File name: 14079 Revised #PO 4990.zip
Signature: FormBook
File size: 384'372 bytes
First seen: 2021-02-25 14:03:38 UTC
Last seen: 2021-02-26 17:34:37 UTC
File type: zip
MIME type: application/zip
ssdeep: 6144:M0pl77HMDEvRFHvqc5/jxN5HAUgPs8I9sdbqUNe3yoVRJC6Iq0iuSo/Aw5MdJ20r:BZ7MYvRFPqc5Hbrsdg3hVRA602AAwmH1
TLSH: EE84239964BDF4AA137FB12FD729C3F6728AE050242359DBA075F28483E44E51D2DB31
Reporter: GovCERT_CH
Tags: FormBook

Intelligence


File Origin
# of uploads: 4
# of downloads: 150
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: MALICIOUS
Details
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: ByteCode-MSIL.Spyware.Noon
Status: Malicious
First seen: 2021-02-25 14:04:07 UTC
AV detection: 23 of 47 (48.94%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 62baa08259d516e76060dc5cd5ad84b2175568ef4d55ca2e119168ffab481280 (this sample)

Dropped by: FormBook
Delivery method: Distributed via e-mail attachment
