MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b4bc088d419750c97741e73f8bfca75e604cade2b7bcdbeb84ee12d5a2867ac4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: b4bc088d419750c97741e73f8bfca75e604cade2b7bcdbeb84ee12d5a2867ac4
SHA3-384 hash: 3a6b7b5a85965decc4f3ce7d8024009b6408bfea51eda556d1569d1d4f82e90e2fddfd9900212b2b832a384ce85afbb2
SHA1 hash: 8c8d61ac516c9aedcb34ea11216625b4cfe0743f
MD5 hash: 56f8aafc89255e871c81434b572498bd
humanhash: seven-hydrogen-hamper-earth
File name: PO8479349743085.zip
Signature: Formbook
File size: 233'487 bytes
First seen: 2020-10-21 09:12:14 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 3072:z6oIbAIbWA7ar3TktmtbPEYJFg9GVCyr2TMbAZ0f0rmL11OF3J2U5GWsfkKaRY:z6fXar3Itml3Hu0cMc20ESwOGEKaRY
TLSH: A834232FA95E1F18D2A325C38B7C64C14E56AC24E112105E1DF67BF8EA80BC3DFD9616
Reporter: abuse_ch
Tags: FormBook zip


abuse_ch
Malspam distributing Formbook:

HELO: regular1.263xmail.com
Sending IP: 211.150.70.205
From: 杨玲 <sales2@teweiband.com>
Subject: PO8479349743085
Attachment: PO8479349743085.zip (contains "PO8479349743085.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 77
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Spyware.Noon
Status: Malicious
First seen: 2020-10-21 04:56:08 UTC
AV detection: 22 of 28 (78.57%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip b4bc088d419750c97741e73f8bfca75e604cade2b7bcdbeb84ee12d5a2867ac4 (this sample)

  
Dropping: Formbook
Delivery method: Distributed via e-mail attachment
