MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7914fa795699cf35720b49331c4966c188d5720b59b28692ffac2b94e7317692. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7914fa795699cf35720b49331c4966c188d5720b59b28692ffac2b94e7317692
SHA3-384 hash: 3932961e821e11a48728d152e2d7ae6216a8e0ae5184dfc1156312c9a82aa003c13a92ca962f7462c17361a19481aac7
SHA1 hash: fb64c0b358edca540aeeb97657cebd55249e3429
MD5 hash: 293bf5b779d4919d6267aee6f52fb1c0
humanhash: tennessee-washington-tennessee-thirteen
File name:ISSUES INVOICE E-4136 REV.2.r00
Download: download sample
Signature Formbook
Create hunting rule
File size:547'527 bytes
First seen:2021-07-15 08:12:42 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 12288:I5FUai19txNGHnI/B+lsqU1qnKsrihCySjvpWr5AnKoTG/mD23YEl4j:I5MvTAUslsqUAwCjvw1AnKkG+q3YElK
TLSH T1DAC423724AFDE5D55D08028AD9B62F406D30296D1D5BE283872871BF66467F220AFBF0
Reporter cocaman
Tags:FormBook INVOICE r00


Avatar
cocaman
Malicious email (T1566.001)
From: "Dhillan <dhillan@dipoman.com>" (likely spoofed)
Received: "from dipoman.com (unknown [185.222.58.148]) "
Date: "15 Jul 2021 10:12:21 +0200"
Subject: "RE: ISSUES WITH INVOICE E-4137 REV.1 AND E-4136 REV.1"
Attachment: "ISSUES INVOICE E-4136 REV.2.r00"

Intelligence

File Origin
# of uploads :
1
# of downloads :
113
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7914fa795699cf35720b49331c4966c188d5720b59b28692ffac2b94e7317692/
Threat name:
Win32.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2021-07-15 06:42:47 UTC
File Type:
Binary (Archive)
Extracted files:
8
AV detection:
11 of 46 (23.91%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pekpu6kwthhtk4qljezryslgygenk4qllgzinex7vqvzjzzro2ja._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.71
Link:
https://yomi.yoroi.company/submissions/7914fa795699cf35720b49331c4966c188d5720b59b28692ffac2b94e7317692

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

r00 7914fa795699cf35720b49331c4966c188d5720b59b28692ffac2b94e7317692

(this sample)

Formbook

Executable exe 19f2101d500dfa2ba71baf220497fe8888667bb7d9c8cf4996087ff67c11d156

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 19f2101d500dfa2ba71baf220497fe8888667bb7d9c8cf4996087ff67c11d156
  
Dropping
Formbook

Comments