MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9d97c42b147296636462546b20bda26a99b541c74018894e66bc73efdb07cc77. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9d97c42b147296636462546b20bda26a99b541c74018894e66bc73efdb07cc77
SHA3-384 hash: ba1dad8d16dea8ed212c8f847241f740cfc3527c03e4beae2a624cc90e94e09856a014cd134cd33e2d7cc18567e1f6f5
SHA1 hash: 193635b80b5770da85de9682ad47ea6523d85a14
MD5 hash: 7077a2e8b8c89063c877064feea5b1b7
humanhash: lamp-juliet-double-carolina
File name:New Purchase Order 501,689.rar
Download: download sample
Signature Formbook
Create hunting rule
File size:631'924 bytes
First seen:2020-10-14 16:21:22 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:gsBPau0NDMYsmwjDhFl3lGLMNbGviaqfSFtUIebUUJOw/zWikyeOyn1K:gAP90+mshF6jXqZiUJ1Jkyetno
TLSH D2D423C9BA8FD87DE3190CC4A5BB3AB757D39ED3C4CE936869D463420D2C54A2CA44C9
Reporter abuse_ch
Tags:FormBook rar Yahoo


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: sonic303-25.consmr.mail.gq1.yahoo.com
Sending IP: 98.137.64.206
From: sophia.docarbide@aol.com
Reply-To: sophia.docarbide@aol.com
Subject: Re: Purchase Order Details
Attachment: New Purchase Order 501,689.rar (contains "New Purchase Order 501,689$.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9d97c42b147296636462546b20bda26a99b541c74018894e66bc73efdb07cc77/
Threat name:
ByteCode-MSIL.Trojan.Taskun
Create hunting rule
Status:
Malicious
First seen:
2020-10-14 00:54:46 UTC
AV detection:
17 of 48 (35.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=twl4ikyuoklggzdckrvsbpncnkm3kqohiamisttgxrz67wyhzr3q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/9d97c42b147296636462546b20bda26a99b541c74018894e66bc73efdb07cc77

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar 9d97c42b147296636462546b20bda26a99b541c74018894e66bc73efdb07cc77

(this sample)

Formbook

Executable exe 21ac6b3466ff131a75cea134baddd37412fa73bb5b8697aad76a719346a14648

  
Dropping
MD5 d1b1eef61f69d2b769d2b7dcb1acf155
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 21ac6b3466ff131a75cea134baddd37412fa73bb5b8697aad76a719346a14648

Comments