MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9d2c50c7dc006af555553e9949e8753db8416812f8fe0f125eb41ac32158d143. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9d2c50c7dc006af555553e9949e8753db8416812f8fe0f125eb41ac32158d143
SHA3-384 hash: 12ffb3d38313017f6e15cc44aac05ae51a120c704b3aaacccf0af4979b6b8a737a580cfb80fc3df6a0a8aaffc7118eb7
SHA1 hash: bff502e295ba9df6227cfefbf43d0e1e75d8496e
MD5 hash: 496d57345ca162e3e8662401d813bcf2
humanhash: ink-foxtrot-neptune-table
File name:PO987556.Z
Download: download sample
Signature Formbook
Create hunting rule
File size:609'053 bytes
First seen:2020-11-25 06:42:22 UTC
Last seen:2020-11-25 06:47:59 UTC
File type: z
MIME type:application/x-rar
ssdeep 12288:0RwdtQ2QalMYwhgEeVWEy75Pj7HMQby8nuu6BxSI1SFnUMB0:0mdm4lMYwveUFPXMtk66IeB0
TLSH 8ED4236F568700BA763F6B570BA5084A70A849F3AFCA0D2E35C835E046F430A365D76F
Reporter cocaman
Tags:z


Avatar
cocaman
Malicious email (T1566.001)
From: "<info@ihappyus.co.kr>" (likely spoofed)
Received: "from ihappyus.co.kr (unknown [92.118.190.190]) "
Date: "25 Nov 2020 07:02:03 +0100"
Subject: "PO9750"
Attachment: "PO987556.Z"

Intelligence

File Origin
# of uploads :
3
# of downloads :
99
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9d2c50c7dc006af555553e9949e8753db8416812f8fe0f125eb41ac32158d143/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-11-25 06:43:05 UTC
File Type:
Binary (Archive)
Extracted files:
8
AV detection:
20 of 48 (41.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=tuwfbr64abvpkvkvh2mut2dvhw4ec2as7d7a6es6wqnmgiky2fbq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/9d2c50c7dc006af555553e9949e8753db8416812f8fe0f125eb41ac32158d143

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

z 9d2c50c7dc006af555553e9949e8753db8416812f8fe0f125eb41ac32158d143

(this sample)

Formbook

Executable exe 215b1bcebe9fb50bc7b3aaa67325559c5a8997f2101709fcb3459bf344274f56

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 215b1bcebe9fb50bc7b3aaa67325559c5a8997f2101709fcb3459bf344274f56

Comments