MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bf13dd0a0153656b76140958894d0e60e5506cb345df7a5428b2d7d7702b4b59. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: bf13dd0a0153656b76140958894d0e60e5506cb345df7a5428b2d7d7702b4b59
SHA3-384 hash: 3d78c8518699ce3bdbb5e2dd5be3b8fc80473d9a897ad58bbb43f79e0e2b580cab19a4d5f4186354119f3c2c132615ed
SHA1 hash: ba833bbf684366cb45ddf1fc4a470b5297985eef
MD5 hash: cc0021938bda090aa66e656d4c10f9e7
humanhash: coffee-network-thirteen-stairway
File name: BANK ACCOUNT INFO!.Z
Signature: Formbook
File size: 630'491 bytes
First seen: 2020-11-20 10:38:08 UTC
Last seen: 2020-11-21 08:09:21 UTC
File type: z
MIME type: application/x-rar
ssdeep: 12288:+WGLI6xOXe0+3Y74dML3RLa6ytfn0uoxE+QOR/P0HD7QPM1:+WGLI6xr0+3Y78QR26yGbEXu4DsPM1
TLSH: AED4236405B2611DB8AB9FF52CF16991088480C017A1DE9D4837B7F9DEFE439637928E
Reporter: cocaman
Tags: FormBook z


cocaman
Malicious email (T1566.001)
From: "Financial<info@yatongroup.com>" (likely spoofed)
Received: "from yatongroup.com (unknown [62.113.215.229]) "
Date: "21 Nov 2020 08:10:11 +0100"
Subject: "Fwd: Urgent Attention: Payment Reconfirmation -EIM PAYMENTS"
Attachment: "BANK ACCOUNT INFO!.Z"

Intelligence


File Origin
# of uploads: 3
# of downloads: 126
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.FormBook
Status: Malicious
First seen: 2020-11-20 10:39:04 UTC
File Type: Binary (Archive)
Extracted files: 8
AV detection: 28 of 48 (58.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

z bf13dd0a0153656b76140958894d0e60e5506cb345df7a5428b2d7d7702b4b59

(this sample)

  
Delivery method: Distributed via e-mail attachment
Dropping: Formbook

Comments