MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bab7ba2b274542589836c67768543ff4507eceea55df7a57d27051e2378db717. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bab7ba2b274542589836c67768543ff4507eceea55df7a57d27051e2378db717
SHA3-384 hash: 0c37a6758faaf38831e4e622a23d01f7e66309763e7eafb68e5e62feef990dd1f38ec10689c579f607d3a014bc21f55c
SHA1 hash: f3fb02ea08b41662fad18cf24a89f0f20a7d2380
MD5 hash: 0b2ce7207f0781e3dd6b8098d09a71fa
humanhash: two-uranus-pasta-asparagus
File name:Purchase Order Drawing.gz
Download: download sample
Signature Formbook
Create hunting rule
File size:384'966 bytes
First seen:2020-10-15 11:33:42 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 6144:3JXKUt0s/NXj+RUw1sSyR0aFtIQGtitsTjD7H9P0dvVbbuq3r7w2nP0wrsDt:4FwNz+F+SG0aFtIQGtsMHHZmvVL3rM2k
TLSH CD84231CADC68F3D6C2EFC50193E998B7811D528F4A1F6441F66BE87A0A533952FF841
Reporter abuse_ch
Tags:FormBook gz


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: reed0.ukrecoalliance.com
Sending IP: 37.46.150.194
From: Mariano Harry <grimaluk@ukr.net>
Subject: PO85922107
Attachment: Purchase Order Drawing.gz (contains "Purchase Order Drawing.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bab7ba2b274542589836c67768543ff4507eceea55df7a57d27051e2378db717/
Threat name:
ByteCode-MSIL.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-10-15 08:25:39 UTC
AV detection:
30 of 48 (62.50%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xk33ukzhivbfrgbwyz3wqvb76rih5txkkxpxuv6sobi6en4nw4lq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/bab7ba2b274542589836c67768543ff4507eceea55df7a57d27051e2378db717

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

gz bab7ba2b274542589836c67768543ff4507eceea55df7a57d27051e2378db717

(this sample)

Formbook

Executable exe 5e5dc622108b69d77e09abf99287d670c8f0249e59971ee49ef7506adb572ecf

  
Dropping
MD5 21cae8cb761592f1156daa6c87cd3978
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5e5dc622108b69d77e09abf99287d670c8f0249e59971ee49ef7506adb572ecf

Comments