MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 beccfc3cc0649ae6697e89e9c813db0922703169e7422f1d08ff459733fe3d77. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: beccfc3cc0649ae6697e89e9c813db0922703169e7422f1d08ff459733fe3d77
SHA3-384 hash: 74cee63e6e20e7b540e85ab132f10acb5d1d78f4400f60756a1b9a218668e731184fc3b51cf5d3bae23672205218a747
SHA1 hash: 86765583e94e7b7f78e17f66eb94a16d13f7dd61
MD5 hash: 34908e5b6b86665211d67cfd05181536
humanhash: jig-low-nitrogen-ohio
File name:PROFORMA INVOICE.gz
Download: download sample
Signature Formbook
Create hunting rule
File size:286'264 bytes
First seen:2021-04-01 07:25:21 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 6144:4F6eGJMFe88ZpcKs60JWfRkj+uQG0B+sbGQb1ixkj79sGKI:4F0Ex8ZyxukfJ3sbGQZiU5snI
TLSH 7E5423E6FA7E08F246B7CA2C3EDCFBE8FE24551869840EF85675111B664923FC1B4141
Reporter abuse_ch
Tags:gz


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: hikvision.com
Sending IP: 45.137.22.138
From: Carson Zhang <zhangyifei8@hikvision.com>
Subject: Order
Attachment: PROFORMA INVOICE.gz (contains "PROFORMA INVOICE.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
94
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/beccfc3cc0649ae6697e89e9c813db0922703169e7422f1d08ff459733fe3d77/
Threat name:
Win32.Trojan.Swotter
Create hunting rule
Status:
Malicious
First seen:
2021-04-01 07:26:13 UTC
AV detection:
7 of 46 (15.22%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=x3gpypgamsnom2l6rhu4qe63berhamlj45bc6hii75czom76hv3q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.47
Link:
https://yomi.yoroi.company/submissions/beccfc3cc0649ae6697e89e9c813db0922703169e7422f1d08ff459733fe3d77

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

gz beccfc3cc0649ae6697e89e9c813db0922703169e7422f1d08ff459733fe3d77

(this sample)

Formbook

Executable exe 081f11a29cbbc406d40f6444ce0f6befcb83ccdb4745711abb2c191774c5ef1a

  
Dropping
MD5 1c5046f349e608984d791ee6ecd719f6
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 081f11a29cbbc406d40f6444ce0f6befcb83ccdb4745711abb2c191774c5ef1a

Comments