MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b505db1f4092dbbbbf3cb8b6df4d51b89ebb09254b4cb8cf4922b0868511d6e0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: b505db1f4092dbbbbf3cb8b6df4d51b89ebb09254b4cb8cf4922b0868511d6e0
SHA3-384 hash: 3799dd618e294cfba7f0b0ee991677b52f9c218548cef4b0f4cd0c35e73d998cc00fffd5ab1b32a57ed76b5aa5eda034
SHA1 hash: bfbe341af60ce30de10c54042437b80e9bd579a6
MD5 hash: fa2f8a043c2ddfdbc6cc00b4c361103a
humanhash: single-winner-lima-zulu
File name: UPDATED ORDER CONFIRMATION PDF.r00
Signature: Formbook
File size: 397'753 bytes
First seen: 2020-08-13 09:57:10 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 6144:hLlQcdLkQmPY8AY/LERpJGEsHjbWH1L/RNxF+hZG4hZGsfi+JvLh+b4lb96J282:7DoZXTzUXLF+XGoGzb4d9b82
TLSH: C984230816897DE60809FE43B7F4BB542F990265B3B61DB24CB64B5CAD3411B7F8AE13
Reporter: cocaman
Tags: FormBook, r00


cocaman
Malicious email
From: Norbert Markus <n.markus@centerline.de>
Received: from centerline.de (unknown [103.133.106.216])
Date: 13 Aug 2020 00:42:45 -0700
Subject: ORDER CONFIRMATION
Attachment: UPDATED ORDER CONFIRMATION PDF.r00

Intelligence


File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Spyware.Noon
Status: Malicious
First seen: 2020-08-13 09:59:03 UTC
File Type: Binary (Archive)
Extracted files: 5
AV detection: 16 of 29 (55.17%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

r00 b505db1f4092dbbbbf3cb8b6df4d51b89ebb09254b4cb8cf4922b0868511d6e0 (this sample)

Delivery method: Distributed via e-mail attachment

Comments