MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b662cc7def1e09ebf61f65fab189e93a0f8af51729c1182ca944b3fb949b2e8f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b662cc7def1e09ebf61f65fab189e93a0f8af51729c1182ca944b3fb949b2e8f
SHA3-384 hash: e6d55103b793251baa0a334ee98be9d60b94e0631ad077be246cb6c3c3e5e4bfa9e0a02ebd33a87d9c20be050f8f2a4e
SHA1 hash: b7af771e172ff83c2a76547532fce97d8deea09a
MD5 hash: 605d5abc49a7b3f3b98006fe015875ab
humanhash: lamp-nitrogen-robin-asparagus
File name:SHIPPING DOCUMENTS.pdf.z
Download: download sample
Signature Formbook
Create hunting rule
File size:219'547 bytes
First seen:2021-04-16 05:37:53 UTC
Last seen:2021-04-16 05:38:31 UTC
File type: z
MIME type:application/x-rar
ssdeep 6144:Tt0Kuhs8LdddcXQNw0gbONxaWnJNqmcKAmQ0tTmf:TtUhlL9NN8iDNqnKAh0Vmf
TLSH BA2423118FCD92D93D2504DF61BC08E6D78D87A913E9537AFD8B1A90ACD044BE0AAFD4
Reporter cocaman
Tags:z


Avatar
cocaman
Malicious email (T1566.001)
From: "Shihas <hamad@charlotte.com.qa>" (likely spoofed)
Received: "from postfix-inbound-10.inbound.mailchannels.net (inbound-egress-5.mailchannels.net [199.10.31.237]) "
Date: "15 Apr 2021 19:02:54 -0700"
Subject: "=?UTF-8?B?UmU6IFJlOiBTaGlwcGluZyBEb2N1bWVudHMg4oCTIFBhY2tpbmcgTGlzdCAmIENvbW1lcmNpYWwgSW52b2ljZQ==?="
Attachment: "SHIPPING DOCUMENTS.pdf.z"

Intelligence

File Origin
# of uploads :
2
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b662cc7def1e09ebf61f65fab189e93a0f8af51729c1182ca944b3fb949b2e8f/
Threat name:
Win32.Trojan.Predator
Create hunting rule
Status:
Malicious
First seen:
2021-04-16 01:41:44 UTC
File Type:
Binary (Archive)
Extracted files:
5
AV detection:
13 of 47 (27.66%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wzrmy7ppdye6x5q7mx5ldcpjhihyv5ixfharqlfjisz7xfe3f2hq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Tinba
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/b662cc7def1e09ebf61f65fab189e93a0f8af51729c1182ca944b3fb949b2e8f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

z b662cc7def1e09ebf61f65fab189e93a0f8af51729c1182ca944b3fb949b2e8f

(this sample)

Formbook

Executable exe d669d899b7cd236de403fd42807fffcf3600d5070d42e09e21f67ded211a504f

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d669d899b7cd236de403fd42807fffcf3600d5070d42e09e21f67ded211a504f

Comments