MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c293aa3168372a1113d7f551f5b38606d15050ba01c5350bd0fc079aece2ca08. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 6



SHA256 hash: c293aa3168372a1113d7f551f5b38606d15050ba01c5350bd0fc079aece2ca08
SHA3-384 hash: 3a3e05742ebd92287da8ee058c026cf9ae4d01d35f50dca7463612845ca33fb35a0add9beb8169e65b772287efdefb1d
SHA1 hash: 613c1121facb6728754cf9ed76b723e91265b5d9
MD5 hash: 6e2b738e88b52d05c9e7f5942f1d1b9b
humanhash: pennsylvania-oranges-monkey-louisiana
File name: Invoice 1-316 EIT 146370 pdf.r09
Signature: Formbook
File size: 343'671 bytes
First seen: 2022-02-02 05:36:50 UTC
Last seen: Never
File type: r09
MIME type: application/x-rar
ssdeep: 6144:FgVSXc5FIvipMEYSUhmym5C9WoUNfnsoCLXFQESpxePk3spql7B6WH5tpi:FgV15iTh4/7RsJSESp2fW7BX9i
TLSH: T160742334508C62F87063C5A0C5D1E755842736774ADEACE9ACDB91801B0B9EBE277CBE
Reporter: cocaman
Tags: FormBook INVOICE r09


cocaman
Malicious email (T1566.001)
From: "Anas Zobi <anas.zobi@gmail.com>" (likely spoofed)
Received: "from gmail.com (unknown [185.222.58.123]) "
Date: "2 Feb 2022 04:43:10 +0100"
Subject: "R: R: Inspection Certificate El-Tadamun 03LC2021/064"
Attachment: "Invoice 1-316 EIT 146370 pdf.r09"

Intelligence


File Origin
# of uploads: 1
# of downloads: 168
Origin country: n/a

Vendor Threat Intelligence
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: obfuscated packed

Result
Verdict: MALICIOUS
Details:
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: ByteCode-MSIL.Trojan.Tedy
Status: Malicious
First seen: 2022-02-02 02:55:02 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 15 of 43 (34.88%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

r09 c293aa3168372a1113d7f551f5b38606d15050ba01c5350bd0fc079aece2ca08 (this sample)

Delivery method: Distributed via e-mail attachment
