MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7383d47bc41a1a4c7111e98a788312283289d7f514ad0505f85f24012179927b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7383d47bc41a1a4c7111e98a788312283289d7f514ad0505f85f24012179927b
SHA3-384 hash: 3b0f93d9e6ec2b6370ad6e61a12edee6c1b9aed1551c54a3c25bb3277060da4906de318b56490e24c42abd15341078a2
SHA1 hash: 463da896bde07c4f5073dbab283abb7cfc3106bd
MD5 hash: 0fbe4dedbd8d6257dd0664a6a04c2ac8
humanhash: sweet-seven-cardinal-diet
File name:QUOTATION REQUEST.zip
Download: download sample
Signature Formbook
Create hunting rule
File size:506'421 bytes
First seen:2021-04-02 10:06:30 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:gIJfJqCSLAJ9RW7maPfLRiayeHFUzezEJwY/X5u3UMEnFQWkSbZxXl7QSymBDV/:goJqCSSCnLosl3RKaYnW6TXl7QSRh/
TLSH 35B423497378371EE60B4479A1665DE3A2DD812F466E62CB5901EACCC3B3327D2E40CE
Reporter GovCERT_CH
Tags:FormBook

Intelligence

File Origin
# of uploads :
1
# of downloads :
125
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_fs2022.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/7383d47bc41a1a4c7111e98a788312283289d7f514ad0505f85f24012179927b
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7383d47bc41a1a4c7111e98a788312283289d7f514ad0505f85f24012179927b/
Threat name:
ByteCode-MSIL.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2021-04-01 13:29:51 UTC
AV detection:
17 of 29 (58.62%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=oob5i66ediney4ir5gfhraysfazitv7vcswqkbpyl4sacilzsj5q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Formbook
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7383d47bc41a1a4c7111e98a788312283289d7f514ad0505f85f24012179927b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 7383d47bc41a1a4c7111e98a788312283289d7f514ad0505f85f24012179927b

(this sample)

Formbook

Executable exe 26ce9b59c995e5c009089e28caf8c89c6c41e7dda928186f7114d9af26dca817

  
Dropped by
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 26ce9b59c995e5c009089e28caf8c89c6c41e7dda928186f7114d9af26dca817
  
Dropping
MD5 3b9fb3a0f35df651e99aa7dfdb64445e

Comments