MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a90b291065c2ae7e003e5b5e42ba0f16b409e855a6ac500468521d95238b1107. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 4



SHA256 hash: a90b291065c2ae7e003e5b5e42ba0f16b409e855a6ac500468521d95238b1107
SHA3-384 hash: 8efbc35dce45b274192c4991c97358c97198f5cab2246bfeb1915721b5ba82cea2d85c47d17a6ee0ddd0d9fa4b2ba759
SHA1 hash: f350ca13a6d862013d2a35db7a51b1b1f312f690
MD5 hash: 51e7e28b783a9e3d16c846c91e562473
humanhash: vermont-ten-hot-aspen
File name: purchase order#034.zip
Signature: Formbook
File size: 510'223 bytes
First seen: 2021-03-11 12:05:02 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:74yH6eH6VcLqi50+aZIZCNE/fPlLWgGdbr3glNn+Y9Q:74y96iLqW0+t+EpW3dbrarO
TLSH: FBB4235F119961F24CE9357CD68FDE3281E8EE5C981F476B023B77F84A19251BAC8283
Reporter: cocaman
Tags: zip


cocaman
Malicious email (T1566.001)
From: "Samreen<sales@mri.com.pk>" (likely spoofed)
Received: "from mri.com.pk (unknown [103.156.91.170]) "
Date: "11 Mar 2021 02:16:17 -0800"
Subject: "REQUEST FOR QUOTATION"
Attachment: "purchase order#034.zip"

Intelligence


File Origin
# of uploads: 1
# of downloads: 136
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Woreflint
Status: Malicious
First seen: 2021-03-11 12:05:08 UTC
File Type: Binary (Archive)
Extracted files: 55
AV detection: 16 of 28 (57.14%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip a90b291065c2ae7e003e5b5e42ba0f16b409e855a6ac500468521d95238b1107 (this sample)

Delivery method: Distributed via e-mail attachment
