MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7c4693347c14c9bca92ace69a3cc165269877791da5d19ab733f8b113f35ba0f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 5



SHA256 hash: 7c4693347c14c9bca92ace69a3cc165269877791da5d19ab733f8b113f35ba0f
SHA3-384 hash: 9fe7905476e4b2031c4c63573d0d9eea992542cf3dda6429dacdde7b620a8b1131f43400aa6e1687168efab041a2087c
SHA1 hash: b40e09949509a4ab38cbf058e3c52d7991a00c61
MD5 hash: 98d4f177840484fbe15befc2e97f888c
humanhash: magnesium-avocado-eleven-jersey
File name: confirm PI# 20072134..img
Signature: Formbook
File size: 1'245'184 bytes
First seen: 2021-10-06 12:48:44 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep 6144:iU3UNQ+3HwOEmEyyX2GT5XDmUvJVTFBxT3hs6c4uEdZu3xOvMA+/fAtVwaebCt:7oEKg2GbJVTFXO6c4tw3xOMfAtVwet
TLSH T11C45F04863AB871ECC3483F66900A1521FF6A46B215DD778BDCDA0EE2B52F705AD0D93
Reporter: cocaman
Tags: FormBook img


cocaman
Malicious email (T1566.001)
From: "Nasser (AW WONG LTD) <nasser.h@awwong.com>" (likely spoofed)
Received: "from awwong.com (unknown [185.222.58.155]) "
Date: "6 Oct 2021 14:27:30 +0200"
Subject: "New FCL Order - Order IS01OCT5"
Attachment: "confirm PI# 20072134..img"

Intelligence


File Origin
# of uploads: 1
# of downloads: 207
Origin country: n/a

Vendor Threat Intelligence
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: obfuscated packed
Threat name: ByteCode-MSIL.Spyware.Noon
Status: Malicious
First seen: 2021-10-06 10:20:42 UTC
AV detection: 7 of 45 (15.56%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

img 7c4693347c14c9bca92ace69a3cc165269877791da5d19ab733f8b113f35ba0f

(this sample)

  
Delivery method: Distributed via e-mail attachment
Dropping: Formbook

Comments