MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7585287c644d884ec1a4cdd05f4864594913bc75b2ecf345367f73edf9667165. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 2



SHA256 hash: 7585287c644d884ec1a4cdd05f4864594913bc75b2ecf345367f73edf9667165
SHA3-384 hash: 90ea892857560da267eb24d34fe1792240bb9f1e11b6363d8e358ff91babfc73d3152df696b48c75306693c9a6cf76e8
SHA1 hash: 9f293ea91edec86a19bcc093d59ccf89e9fe28bc
MD5 hash: 7019dd3601c8d651c7bb0f1b7ecb1288
humanhash: football-gee-lithium-helium
File name: 0877123.zip
Signature: Formbook
File size: 285'278 bytes
First seen: 2021-11-25 13:07:13 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep 6144:jIDsFXV0+k2SidBkxmzFZePv0Oq6EEoTBbmwVXTFC:jIDiXV0h2SCWmzFZeDzEEoTBqwpo
TLSH T13E5423940DA82D7DEEEB5D4D3813005E6E5887866FCE00E989F5192D35CAFB80B42DB6
Reporter: cocaman
Tags: zip


cocaman
Malicious email (T1566.001)
From: ""ING Bank" <admin@emailhouse.online>" (likely spoofed)
Received: "from mail.emailhouse.online (v160-251-79-28.ino1.static.cnode.io [160.251.79.28]) "
Date: "Thu, 25 Nov 2021 11:19:05 -0000"
Subject: "document confidentiel"
Attachment: "0877123.zip"

Intelligence


File Origin
# of uploads: 1
# of downloads: 146
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 7585287c644d884ec1a4cdd05f4864594913bc75b2ecf345367f73edf9667165

(this sample)

Delivery method: Distributed via e-mail attachment

Comments



Corsin Camichel commented on 2021-11-25 13:12:40 UTC

Password
123