MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7de443b232c5d0560cca6fda3922ddf41189a289afd07ecebc098abc9433d682. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7de443b232c5d0560cca6fda3922ddf41189a289afd07ecebc098abc9433d682
SHA3-384 hash: 867dcea8c50caf88bf26a707a02f6caa204f46ec7dc8d39eee2c0e098e79a022bcf5328355abd06762918ee3afa56e7d
SHA1 hash: 28930095ca2a9b29e7db18476542c003e5a82386
MD5 hash: f4dcd9b53c8dc168a42304628e176616
humanhash: bluebird-failed-london-kentucky
File name:VESSEL SPECIFICATION.zip
Download: download sample
Signature Formbook
Create hunting rule
File size:620'460 bytes
First seen:2021-02-08 06:18:27 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:5C1OzycZJ2ulZCsCTQZqjuMcYXSyUla8kC02d30uRjsAa3kQIV65ixULhG:81CJfrCsCTiqy4HR2d3TRjlarId48
TLSH 3CD433F7D8C003AE15C7BD3836BAA4DC559C5EA67C15B121E7B98F30CEA8B448B40369
Reporter fabjer
Tags:FormBook zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.ArtemisBA383AF83EAB.14972.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7de443b232c5d0560cca6fda3922ddf41189a289afd07ecebc098abc9433d682/
Threat name:
ByteCode-MSIL.Backdoor.NanoBot
Create hunting rule
Status:
Malicious
First seen:
2021-02-08 03:31:20 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pxsehmrsyxifmdgkn7ndsiw56qiytiujv7ih5tv4bgflzfbt22ba._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7de443b232c5d0560cca6fda3922ddf41189a289afd07ecebc098abc9433d682

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 7de443b232c5d0560cca6fda3922ddf41189a289afd07ecebc098abc9433d682

(this sample)

Formbook

Executable exe bc2cc312ba11b1945f2fc371ddc960e24ae3fa9cf9117e51d8efa152b8bee2c8

  
Dropping
SHA256 bc2cc312ba11b1945f2fc371ddc960e24ae3fa9cf9117e51d8efa152b8bee2c8
  
Delivery method
Distributed via e-mail attachment

Comments