MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c3679b96568e3ec9d6af670ce17cc10cfad3bfeee0345731c3d6b4de5c65c610. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c3679b96568e3ec9d6af670ce17cc10cfad3bfeee0345731c3d6b4de5c65c610
SHA3-384 hash: 164587bc0f7cb88726bdb4e92a952c062342f54a88cc718dcdb8a752a814167cfc2d13463423119d8ac6d0a628d512a3
SHA1 hash: 8d933d6a6f369dbe609a600ce6fa699f02a394b3
MD5 hash: 2094ae8ad45eeeb1e651b72a2c67d95a
humanhash: massachusetts-fanta-skylark-mockingbird
File name:PAYMENT COPY.zip
Download: download sample
Signature Formbook
Create hunting rule
File size:264'374 bytes
First seen:2022-08-17 08:29:34 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:zCAlGId55ByujO4WMwlYJAUyj9H+noL7T6ge:zCmFP7O4WMw+/yj9RTHe
TLSH T1A94422478727013ADF610E1F22C96BE7A63A7E359C3A259C07F1514E2899EF470672F8
TrID 80.0% (.ZIP) ZIP compressed archive (4000/1)
20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter cocaman
Tags:FormBook payment SWIFT zip


Avatar
cocaman
Malicious email (T1566.001)
From: ""M.Santhana (Mr)" <intl-inquiry@tglobal-trading.com>" (likely spoofed)
Received: "from mageneet.com (unknown [109.206.241.106]) "
Date: "15 Aug 2022 05:53:01 -0700"
Subject: "Re: RE : RE: Payment Swift Copy"
Attachment: "PAYMENT COPY.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
166
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_fs414.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Trojan.DownloaderNET.345.26742.23771.UNOFFICIAL
Create hunting rule

Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
obfuscated overlay packed
Link:
https://www.filescan.io/uploads/62fca7198adad7d7739a3923/reports/c2773a5a-c69b-4a53-b3ea-406244ea3df9/overview
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/c3679b96568e3ec9d6af670ce17cc10cfad3bfeee0345731c3d6b4de5c65c610
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c3679b96568e3ec9d6af670ce17cc10cfad3bfeee0345731c3d6b4de5c65c610/
Threat name:
ByteCode-MSIL.Trojan.Tnega
Create hunting rule
Status:
Malicious
First seen:
2022-08-15 09:52:52 UTC
File Type:
Binary (Archive)
Extracted files:
15
AV detection:
21 of 26 (80.77%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=yntzxfswry7mtvvpm4goc7gbbt5nhp7o4a2fomod222n4xdfyyia._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
spyware stealer
Link:
https://tria.ge/reports/220817-kd5wgadahm/
Behaviour
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Reads user/profile data of web browsers
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/c3679b96568e3ec9d6af670ce17cc10cfad3bfeee0345731c3d6b4de5c65c610

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip c3679b96568e3ec9d6af670ce17cc10cfad3bfeee0345731c3d6b4de5c65c610

(this sample)

Formbook

Executable exe 905dd9e890f6ed79a1a1d55aa2a1134d1415e874783a2a46d266d90005174ce0

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 905dd9e890f6ed79a1a1d55aa2a1134d1415e874783a2a46d266d90005174ce0
  
Dropping
Formbook

Comments