MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 953caa3ffcfd6956c6daf0f783399648e273be4c8db356b6920a9c80ac8caeec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: 953caa3ffcfd6956c6daf0f783399648e273be4c8db356b6920a9c80ac8caeec
SHA3-384 hash: 1e946715a3c45b0b7ccef8d8a167f52c47ceaddc31482a0a05d97d757a2991138961e5ff936587cb1a714b50674e9415
SHA1 hash: c90b18600ffe8936190886ba9bb01181a86f91d7
MD5 hash: bdd89e2136b915f82ab92c4fd87d0059
humanhash: alanine-magazine-rugby-undress
File name: 3q7uwBygHMzXr9C.7z
Signature: Formbook
File size: 436'719 bytes
First seen: 2021-02-11 10:10:12 UTC
Last seen: Never
File type: 7z
MIME type: application/x-7z-compressed
ssdeep: 6144:K86sAghg1DV+0s+0IE+wADX6Exm1WlYNQowWMdr7YcRrVVE7PBhWjdGQ4EvWoQcc:CFGRt+u7ADKQQsYm/tActDEbWFOuOgM
TLSH: F794232CA5BA0CD7D3F377258AAA38D72597D4C31DA6EAC1CB2935460C26E79410F09F
Reporter: abuse_ch
Tags: 7z FormBook


abuse_ch
Malspam distributing Formbook:

HELO: tyu0.sencao.casa
Sending IP: 194.15.36.225
From: MARIEM BEN YAHIA <contact@sencao.casa>
Subject: Fwd: Transaction Order
Attachment: 3q7uwBygHMzXr9C.7z (contains "3q7uwBygHMzXr9C.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 126
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Trojan.Tnega
Status: Malicious
First seen: 2021-02-12 04:16:41 UTC
AV detection: 15 of 28 (53.57%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

7z 953caa3ffcfd6956c6daf0f783399648e273be4c8db356b6920a9c80ac8caeec

(this sample)

  
Dropping: Formbook
Delivery method: Distributed via e-mail attachment
