MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7c33a8bf89033e4acd7eebec98a64b4dda422978826e47076d1b460d5a64736d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 8


Intelligence 8 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7c33a8bf89033e4acd7eebec98a64b4dda422978826e47076d1b460d5a64736d
SHA3-384 hash: c56e0c0b2b54ae5be1274d2e28c4a61b10236fea353233edd6393f516c4f19c7461a236d2f72a8d08fdc0ce023ca4fd8
SHA1 hash: f57354e000a692d9e6d73646f1bf39004804f5a8
MD5 hash: 3a5618c462ab147e1bd07202ff092c77
humanhash: oranges-mirror-ink-butter
File name:New PO.z
Download: download sample
Signature Formbook
Create hunting rule
File size:691'824 bytes
First seen:2024-07-15 10:40:07 UTC
Last seen:2024-07-15 10:41:24 UTC
File type: z
MIME type:application/x-rar
ssdeep 12288:dWwQqtXE6KDm3Y8A4fmfNxlQ7IOUgTiC5+udJRtnPQNRqWOLenwCI:0wR06KDm3rADl6IJgT3Dn3nPARaFCI
TLSH T11DE42334E5D259D230DD8AFC95514F36817CA6A2A59A02C74B07FF71A033BFE2AFA114
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter cocaman
Tags:FormBook z


Avatar
cocaman
Malicious email (T1566.001)
From: "Andrea Forte <andrea@debraaddison.cfd>" (likely spoofed)
Received: "from mail.debraaddison.cfd (vps-abab6c72.vps.ovh.net [51.89.149.169]) "
Date: "Mon, 15 Jul 2024 08:16:09 +0000 (UTC)"
Subject: "RE: Purchase order PO#86637"
Attachment: "New PO.z"

Intelligence

File Origin
# of uploads :
2
# of downloads :
117
Origin country :
CH CH
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:New PO.exe
File size:732'160 bytes
SHA256 hash: b34385fde3f74d82ee83b2c24431818bf23e56e897faa3c88e45d4ce712b1b7a
MD5 hash: f05ee5587fb71de00fa2e5c12222c2f9
MIME type:application/x-dosexec
Signature Formbook
Vendor Threat Intelligence
Verdict:
Malicious
Score:
90.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6694fcc084e955866872b3d7win10vpnfull_triage
Tags:
Static Swotter
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/6694fcdaf4acda707fe32f43/reports/1aaf6040-d932-47e0-b191-91e3175c3e08/overview
Verdict:
Suspicious
Labled as:
Mal/DrodRar
Link:
https://www.hybrid-analysis.com/sample/7c33a8bf89033e4acd7eebec98a64b4dda422978826e47076d1b460d5a64736d
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7c33a8bf89033e4acd7eebec98a64b4dda422978826e47076d1b460d5a64736d/
Threat name:
ByteCode-MSIL.Trojan.SuspMsilIn7zEmail
Create hunting rule
Status:
Malicious
First seen:
2024-07-15 10:40:11 UTC
File Type:
Binary (Archive)
Extracted files:
6
AV detection:
20 of 24 (83.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pqz2rp4jam7evtl65pwjrjsljxneeklyqjxeob3ndnda2wteonwq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7c33a8bf89033e4acd7eebec98a64b4dda422978826e47076d1b460d5a64736d

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

z 7c33a8bf89033e4acd7eebec98a64b4dda422978826e47076d1b460d5a64736d

(this sample)

Formbook

Executable exe b34385fde3f74d82ee83b2c24431818bf23e56e897faa3c88e45d4ce712b1b7a

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b34385fde3f74d82ee83b2c24431818bf23e56e897faa3c88e45d4ce712b1b7a
  
Dropping
MD5 f05ee5587fb71de00fa2e5c12222c2f9

Comments