MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9706ca8b9a00ec44578071c0ef19d7d0fff2aadd6e0d84fdd33119e7619bbbd7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: 9706ca8b9a00ec44578071c0ef19d7d0fff2aadd6e0d84fdd33119e7619bbbd7
SHA3-384 hash: 79c6f6c4afd7e28b5b3162597b569be725f7be685c2b85d7bf097e4ea36fc69be5e8d5a60a75f587ee6ca32602f3d677
SHA1 hash: 5065fa7aba1edd9f2f6966290fb0207cd0a5afb1
MD5 hash: e814ce689c613e4e6715cab902091ff0
humanhash: twelve-nebraska-hydrogen-mike
File name: nova narudžba.zip
Signature: Formbook
File size: 594'666 bytes
First seen: 2020-10-27 10:07:08 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:oa712zsXecpVN6usMxFDsPxfIPQZAwYj8WOHUnOM6L7zYPfFJIe0wPs3xy:oK1OyViMPDUdIPaFgEUO/TGF0hy
TLSH: A1C4237D7420186DC96EAFA2DE7245E7230C40DEE9F01F6F60EF731484E9BE05292969
Reporter: abuse_ch
Tags: FormBook geo GRC zip


abuse_ch
Malspam distributing Formbook:

HELO: stella.ns1.bg
Sending IP: 79.124.76.95
From: Edina Maciej <info@elkem.gr>
Subject: Re: Re: παραγγελία για προσφορά
Attachment: nova narudžba.zip (contains "nova narudžba.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 93
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2020-10-27 09:20:12 UTC
AV detection: 4 of 48 (8.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 9706ca8b9a00ec44578071c0ef19d7d0fff2aadd6e0d84fdd33119e7619bbbd7 (this sample)

Dropping: Formbook
Delivery method: Distributed via e-mail attachment
