MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c3ca41a246bb7317c5e8c673baa7707810dbc32cb5be5599dd0fe3665a629a63. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c3ca41a246bb7317c5e8c673baa7707810dbc32cb5be5599dd0fe3665a629a63
SHA3-384 hash: 77964137c857346cddb8aeae0da217ac33cb04b6c4e05ef0b57a6b97996e7f6ae02e2c58f02578fa1a05bc4da0569f59
SHA1 hash: a769ad6417f43029a8155d4d02b8f96f07c6de87
MD5 hash: 4865e32b4d2dc0a7c837a1d8c4a9c244
humanhash: kitten-mississippi-twenty-music
File name:Image001.gz
Download: download sample
Signature Formbook
Create hunting rule
File size:376'683 bytes
First seen:2021-04-04 13:46:48 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 6144:pFtZlFLl2TnIjAkCkC5cJNBOcekbTYNUNOUQ12nF0V97iviAqXr2J9Ek6Yr6Y5e/:pFDDsCCYNOcnTcUnQsnFwsiA5fEHY8sA
TLSH E584238AAF2AD22D6002A319433D01A786661F6E67D5E0B7D1817C359BB0CBD5CC0EF9
Reporter abuse_ch
Tags:gz


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: deltaconnex.com
Sending IP: 45.137.22.100
From: Sarah Harrison <sarah@deltaconnex.com>
Subject: Re purchase order attached
Attachment: Image001.gz (contains "Image001.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
263
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Gathering data
Threat name:
Win32.Trojan.SpyNoon
Create hunting rule
Status:
Malicious
First seen:
2021-04-04 10:05:11 UTC
AV detection:
8 of 48 (16.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ypfedisgxnzrprpiyzz3vj3qpainxqzmww7flgo5b7rwmwtctjrq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

gz c3ca41a246bb7317c5e8c673baa7707810dbc32cb5be5599dd0fe3665a629a63

(this sample)

Formbook

Executable exe 5d4c17f9ea28e3df3efa9d9c7ba40444abeee049fe999eb2d579c6cf4ccc3231

  
Dropping
MD5 3d721e82043d518d2d7b1b971253a646
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5d4c17f9ea28e3df3efa9d9c7ba40444abeee049fe999eb2d579c6cf4ccc3231

Comments