MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bb0cc060eaafa27b09bc56236fde9c66d8272be6bc8d66abf8f7c361ae3b6e99. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bb0cc060eaafa27b09bc56236fde9c66d8272be6bc8d66abf8f7c361ae3b6e99
SHA3-384 hash: 4667f3e889bfe5dc98aaf38cb1b4618b09c77574943efb595e911562fa9bba009e69305e54cd15bb299fc683009c9d88
SHA1 hash: 72909058f4684c8e62baa58fbba85074b5edad14
MD5 hash: 282f33b9fa44c94db0e924c01133987a
humanhash: minnesota-minnesota-solar-south
File name:S12GF803.zip
Download: download sample
Signature Formbook
Create hunting rule
File size:408'412 bytes
First seen:2020-10-05 11:20:55 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:yN8GDlF7KAiGsJ/M6SCMdhtKgxu+iK+51xIr1GJnFHJv3WY+LVfXeUGRX4SM:8tXmVM6SCMdVw0kxIgFHJv3WVhOjc
TLSH 749423E6E5EC80E975833272DB28A378B846FACB13D9E5011FF0EA44539F757A392051
Reporter abuse_ch
Tags:DEU FormBook geo zip


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: pizza-vip06.virtualhosting.hk
Sending IP: 203.135.158.191
From: edward.sun@hengtai-law.co.uk
Subject: Gerichtsbeschluss
Attachment: S12GF803.zip (contains "S12GF803.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
93
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bb0cc060eaafa27b09bc56236fde9c66d8272be6bc8d66abf8f7c361ae3b6e99/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-10-05 10:56:25 UTC
AV detection:
8 of 48 (16.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xmgmayhkv6rhwcn4kyrw7xu4m3mcok7gxsgwnk7y67bwdlr3n2mq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Formbook
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/bb0cc060eaafa27b09bc56236fde9c66d8272be6bc8d66abf8f7c361ae3b6e99

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip bb0cc060eaafa27b09bc56236fde9c66d8272be6bc8d66abf8f7c361ae3b6e99

(this sample)

Formbook

Executable exe 546ca9154ddc425843391ba45da25d60e4c89d85d34dfc5028fb56ed94861bbf

  
Dropping
MD5 1325e793007a9ea3807988d6154b12ba
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 546ca9154ddc425843391ba45da25d60e4c89d85d34dfc5028fb56ed94861bbf

Comments