MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b7c539f4839184cd0c5310f0f6acf5505ebda20ca3886d58c0cb5aca2bb1adf9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: b7c539f4839184cd0c5310f0f6acf5505ebda20ca3886d58c0cb5aca2bb1adf9
SHA3-384 hash: cc85cdb3ca76fb73bc0e1e0e13c9ca0197a04ca4a1e478d059bcf9fa180ff106d15ee549cd0f4d017ac31fbb1d308f2d
SHA1 hash: b94f318038bec83189ee1025becc45f061270776
MD5 hash: 98e8c5e30bc8a8a1097b7a3496b6d2bc
humanhash: two-equal-georgia-golf
File name: order no.0118-21.pdf.gz
Signature: Formbook
File size: 849'771 bytes
First seen: 2021-01-18 18:19:38 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 24576:hbM2/yjAGcM5L8Db446OJk8DTybo62bHx:5M2/fGcAWvyObHx
TLSH: AC0533CE9AB087240E3618603BE3CF16A9A60E80556D5747B74BED7775520BCFF3098A
Reporter: abuse_ch
Tags: gz


abuse_ch
Malspam distributing unidentified malware:

HELO: smtp.gipfarm.com
Sending IP: 77.48.43.51
From: 'Rowena' <security@gipfarm.com>
Subject: order no.0118-21
Attachment: order no.0118-21.pdf.gz (contains "order no.0118-21.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 145
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Tnega
Status: Malicious
First seen: 2021-01-18 18:20:10 UTC
AV detection: 9 of 46 (19.57%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

gz b7c539f4839184cd0c5310f0f6acf5505ebda20ca3886d58c0cb5aca2bb1adf9

(this sample)

  
Delivery method: Distributed via e-mail attachment
