MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bbc1796d3511bd435db407239d2356893b6346d4ea11f5cc8f921d6303940723. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bbc1796d3511bd435db407239d2356893b6346d4ea11f5cc8f921d6303940723
SHA3-384 hash: 62f6da2059e2b6d5ba0e9f6f983a5faf4d813bcc8fc27bae1b6c72e057964633e31ce5c99e27dda715fdf23df1994469
SHA1 hash: 343132a00573dee96e03db8825eae9c2b4b79acf
MD5 hash: b17cbe30ade886c514bace256eb0f6f9
humanhash: purple-paris-arizona-spaghetti
File name:đơn hàng mới.zip
Download: download sample
Signature Formbook
Create hunting rule
File size:669'685 bytes
First seen:2020-09-01 06:06:55 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:KsHEQ0vfFH/mdove9tIA1Uszr9S9zF2FWnb32K/OmWnB6GJzUN0jEUC:YB+Ysi8U29aFOAb32K/krzBjk
TLSH 54E4234B03BB5D5A5A9FCBAA8C662473B1017D193373EB78A441523DD6C670C6D30CB6
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: ns3.donato.inf.br
Sending IP: 207.244.243.143
From: Vũ Hoàng Yến - Chuyên viên Cung ứng và Đấu thầu <YenVH@flamingogroup.vn>
Subject: đơn hàng mới
Attachment: đơn hàng mới.zip (contains "đơn hàng mới.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
159
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Packed2.42555.18559.12131.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bbc1796d3511bd435db407239d2356893b6346d4ea11f5cc8f921d6303940723/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xpaxs3jvcg6ugxnua4rz2i2wre5wgrwu5ii7ltepsiowga4ua4rq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/bbc1796d3511bd435db407239d2356893b6346d4ea11f5cc8f921d6303940723

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip bbc1796d3511bd435db407239d2356893b6346d4ea11f5cc8f921d6303940723

(this sample)

Formbook

Executable exe 0c2e455f5983d94458f8222bda189794e9095460e0df8764d4bd4787fc217a52

  
Dropping
MD5 1fa55f867b077bba9a535f68ad0f56c5
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0c2e455f5983d94458f8222bda189794e9095460e0df8764d4bd4787fc217a52

Comments