MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 825ced929a7b35712e9cd1cf978fe09de449ccde42ddb4e8aa428458bec096dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 3

SHA256 hash: 825ced929a7b35712e9cd1cf978fe09de449ccde42ddb4e8aa428458bec096dd
SHA3-384 hash: 9cd6a7c5fae3b7e2fedd7654c3c2e20e650815efbcae666819176f611598cb980f7ed13790cf54263d3c3c717b760e4b
SHA1 hash: 66fca0358e3e9c773bb119821fb019c33720d1f0
MD5 hash: e6727d70b007f3c56bf1bf893e2c5011
humanhash: alpha-sixteen-london-alabama
File name: DWG-DSE-DRAWING-SPECIFICATION-PROJECT.cab
Signature: Formbook
File size: 513'114 bytes
First seen: 2021-02-24 07:04:03 UTC
Last seen: Never
File type: cab
MIME type: application/vnd.ms-cab-compressed
ssdeep: 12288:9ksJcFP/ww8HP/LfM+7vvKnE1atUh1VQ912Lo7T:9LcFPYw8vQ+7vSE0gm9
TLSH: BEB42350A441D59DA7CE01DE6DB9D4EB21BECC5E61BCE361D64292202E8D323C36DFB2
Reporter: abuse_ch
Tags: cab


abuse_ch
Malspam distributing unidentified malware:

HELO: mail-smail-vm50.hanmail.net
Sending IP: 203.133.180.238
From: newjowa <newjowa@daum.net>
Subject: DSE-PO649643-95000PCS / MT20 / REQUEST FOR QUOTATION
Attachment: DWG-DSE-DRAWING-SPECIFICATION-PROJECT.cab (contains "DWG-DSE-DRAWING-SPECIFICATION-PROJECT.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 101
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Threat name: ByteCode-MSIL.Spyware.Noon
Status: Malicious
First seen: 2021-02-24 03:46:36 UTC
AV detection: 4 of 47 (8.51%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

cab 825ced929a7b35712e9cd1cf978fe09de449ccde42ddb4e8aa428458bec096dd (this sample)

Delivery method: Distributed via e-mail attachment

Comments