MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9ae33dbc012b053af2f943b6d930e239647a1e17edb6c0f1ec6b3bd4e827beb0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9ae33dbc012b053af2f943b6d930e239647a1e17edb6c0f1ec6b3bd4e827beb0
SHA3-384 hash: 55e6c4c022c5ad93de6cb54a09c9dc4a22a8055a8c53ca164b7eebb1c546212b0a796357a555fabba2fe056803343058
SHA1 hash: 30b13e6238b080f51df5ce07fc48f4a03aad7eb3
MD5 hash: a6bf0b533f5624f33050bc01df1d7b87
humanhash: victor-social-louisiana-oven
File name:нова поръчка.zip
Download: download sample
Signature Formbook
Create hunting rule
File size:456'937 bytes
First seen:2020-12-02 09:16:56 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:vA0RnWI9sHd4Sk/m8NuBy9XT17T5kU8vzbi:fWNHbkmCuB2X957ezO
TLSH 79A42359E4FE1E9DF2D843D856CAF00C24F0E6D94B298868915C53D4E3A5C7C2AEEC78
Reporter abuse_ch
Tags:BGR geo zip


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: host2.himbimarket.com
Sending IP: 72.52.244.66
From: Valeri Petrunov <ricambi@monguzzi.net>
Subject: Re: Re: заявка за оферта спешно
Attachment: нова поръчка.zip (contains "нова поръчка.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
130
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.48175.13176.5061.UNOFFICIAL
Create hunting rule

Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9ae33dbc012b053af2f943b6d930e239647a1e17edb6c0f1ec6b3bd4e827beb0/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=tlrt3pabfmctv4xzio3nsmhchfshuhqx5w3mb4pmnm55j2bhx2ya._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/9ae33dbc012b053af2f943b6d930e239647a1e17edb6c0f1ec6b3bd4e827beb0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 9ae33dbc012b053af2f943b6d930e239647a1e17edb6c0f1ec6b3bd4e827beb0

(this sample)

Formbook

Executable exe 9b700d1d5f08a646921a397536bc682cac763ba61e86d0700023abedd275fff9

  
Dropping
MD5 64e68e40a10ab18a7b3e15b68e2d6449
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9b700d1d5f08a646921a397536bc682cac763ba61e86d0700023abedd275fff9

Comments