MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b11e28ea95617f3fcbbf7b15afca6965a0cf3ba50965e03c84f41cb1955bc5ff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	b11e28ea95617f3fcbbf7b15afca6965a0cf3ba50965e03c84f41cb1955bc5ff
SHA3-384 hash:	0eb5e61845ee16aa3cd91ae3ea34af3b7cefc45f8ca1930a99860e3029931503e049480f042429fdc178b38a61f6409d
SHA1 hash:	35335688c995b13857ebd77a45f081d1de721829
MD5 hash:	72283d2934590477196a68be6a4461ab
humanhash:	tango-kitten-failed-cold
File name:	Quotation.7z
Download:	download sample
Signature	Formbook Create hunting rule
File size:	545'642 bytes
First seen:	2021-02-16 23:58:39 UTC
Last seen:	2021-02-18 04:32:40 UTC
File type:	7z
MIME type:	application/x-7z-compressed
ssdeep	12288:XEp95pUGVHdTWjVzekgfxpjQsIAjsADP9VvFqrr3MkMzhFWlWrlJ:CPiGVHpWRze5xpN7D74rwkMbWM
TLSH	11C423EEB9ACDD1C7CF22533E62D7A582D4557C12B33D02BAA72E9266327D05183B41C
Reporter	GovCERT_CH
Tags:	FormBook

Intelligence

File Origin

# of uploads :

12

# of downloads :

103

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.PackedNET.543.9241.9830.UNOFFICIAL

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/b11e28ea95617f3fcbbf7b15afca6965a0cf3ba50965e03c84f41cb1955bc5ff/

Threat name:

Win32.Trojan.Woreflint

Status:

Malicious

First seen:

2021-02-16 12:08:21 UTC

AV detection:

14 of 29 (48.28%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=wepcr2uvmf7t7s57pmk27stjmwqm6o5fbfs6apee6qoldfk3yx7q._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.65

Link:

https://yomi.yoroi.company/submissions/b11e28ea95617f3fcbbf7b15afca6965a0cf3ba50965e03c84f41cb1955bc5ff

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

7z b11e28ea95617f3fcbbf7b15afca6965a0cf3ba50965e03c84f41cb1955bc5ff

(this sample)

exe 5528ee96b8cefda8ec99999701a1673fb0dff17a8e603f2c8ccd3abac08f7489

Dropped by

Formbook

Delivery method

Distributed via e-mail attachment

Dropping

SHA256 5528ee96b8cefda8ec99999701a1673fb0dff17a8e603f2c8ccd3abac08f7489

Dropping

MD5 c1a77dddf52f12af022d82471e6bdf19

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample