MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c128f40d739c542e4f3c410aa55e3ee769df37a7e282279927f09cae1d630f1b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c128f40d739c542e4f3c410aa55e3ee769df37a7e282279927f09cae1d630f1b
SHA3-384 hash: c0470d7ab0ff945e747ee871936d8de0e8ea7ddd49815f71948259d4324933b440c96a567c279070f70e399d213ed8a6
SHA1 hash: 5567c4951677114023a207227f4f243ef52d087b
MD5 hash: 41c31ea7c8aa660e61fa6b5d33f82d13
humanhash: maryland-bravo-wisconsin-mobile
File name:TT SWIFT COPY.rar
Download: download sample
Signature Formbook
Create hunting rule
File size:702'749 bytes
First seen:2021-04-07 11:20:08 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:Db4jMH10POUnRWiM1VgmPvgXBmbVP5uNG4dlsas7frU/CFE/AdYB5ahqf:AjJnRlMVn+BmhPYrlsaMU/6xdoH
TLSH BAE423E9422BF50D37526B6EF8F705D27283A92430405D9A6029317CD6DEABCCAB317D
Reporter abuse_ch
Tags:rar


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: ip116.ip-147-135-107.us
Sending IP: 147.135.107.116
From: sales<sales@acalbfi.com>
Reply-To: bmathena@accesesdata.com
Subject: RE:Payment Confirmation
Attachment: TT SWIFT COPY.rar (contains "TT SWIFT COPY.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
106
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Porcupine.Unclassified.100180.UNOFFICIAL
Create hunting rule

Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c128f40d739c542e4f3c410aa55e3ee769df37a7e282279927f09cae1d630f1b/
Threat name:
ByteCode-MSIL.Downloader.Seraph
Create hunting rule
Status:
Malicious
First seen:
2021-04-07 08:03:37 UTC
AV detection:
8 of 48 (16.67%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=yeupidlttrkc4tz4iefkkxr645u56n5h4kbcpgjh6cok4hldb4nq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c128f40d739c542e4f3c410aa55e3ee769df37a7e282279927f09cae1d630f1b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar c128f40d739c542e4f3c410aa55e3ee769df37a7e282279927f09cae1d630f1b

(this sample)

Formbook

Executable exe 0aaa10495fff6567ec8ecb5fa1ea118ad1b1230c77db540c0dd7cb6f1d26f6fb

  
Dropping
MD5 406a64ab57ea700d2ecb90349fffe44a
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0aaa10495fff6567ec8ecb5fa1ea118ad1b1230c77db540c0dd7cb6f1d26f6fb

Comments