MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bcb9439cd341287d45bf7ca073d7abd09117086ff380ffd6ea9d9cae85ffe64f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bcb9439cd341287d45bf7ca073d7abd09117086ff380ffd6ea9d9cae85ffe64f
SHA3-384 hash: 5e2e2e0b10b8f6c787dbc0a2eea1ffe3f327c52f1822f5c66c7cfb1995d29daf63d4191bc7a2a06fe9a7b939e35568f8
SHA1 hash: 39b6bae2648bf025022161cafbf3ebf389fac8ee
MD5 hash: 6b3ccba99b913bba8a96a681206036b4
humanhash: butter-wolfram-robin-music
File name:shipping document.r01
Download: download sample
Signature Formbook
Create hunting rule
File size:579'132 bytes
First seen:2022-07-05 07:09:39 UTC
Last seen:Never
File type: r01
MIME type:application/x-rar
ssdeep 12288:aBGFXQxLIMZ32gWwHRR9bfbc4qDVv7rqgWM/s21BuulNc:xFX0Lbx603Zq5zW8BrG
TLSH T13BC42397AE08D1F18DBE43A173196A758D1FB130871A6B3D791886C7E01F2CD9D68DE0
TrID 58.3% (.RAR) RAR compressed archive (v-4.x) (7000/1)
41.6% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter cocaman
Tags:FormBook r01 Shipping


Avatar
cocaman
Malicious email (T1566.001)
From: "agencqhd@hoscogroup.com" (likely spoofed)
Received: "from hoscogroup.com (unknown [202.55.133.137]) "
Date: "4 Jul 2022 23:31:00 -0700"
Subject: "RE: Shipment Docs"
Attachment: "shipping document.r01"

Intelligence

File Origin
# of uploads :
1
# of downloads :
191
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bcb9439cd341287d45bf7ca073d7abd09117086ff380ffd6ea9d9cae85ffe64f/
Threat name:
ByteCode-MSIL.Backdoor.Androm
Create hunting rule
Status:
Malicious
First seen:
2022-07-05 03:53:04 UTC
File Type:
Binary (Archive)
Extracted files:
9
AV detection:
21 of 40 (52.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xs4uhhgtieuh2rn7psqhhv5l2cirocdp6oap7vxktwok5bp74zhq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

r01 bcb9439cd341287d45bf7ca073d7abd09117086ff380ffd6ea9d9cae85ffe64f

(this sample)

Formbook

Executable exe 4685f903940ad618a79d4ab98aba3cc72002936c7424e1fe2cde9c12aabefd32

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4685f903940ad618a79d4ab98aba3cc72002936c7424e1fe2cde9c12aabefd32
  
Dropping
Formbook
  
Dropping
MD5 a9564934af4cd3baff5baa427b625016

Comments