MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c5b9c44ced2b1c97b5b30b001b40ced799e62e77b3328a83dcb92f60a6cca06e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c5b9c44ced2b1c97b5b30b001b40ced799e62e77b3328a83dcb92f60a6cca06e
SHA3-384 hash: 7c1f1d659ec859b449026089372659cbb92cfb24b2d98304aae50567ee6f3121260a2891e821e3dc9428ae70b6f194ea
SHA1 hash: 752df1a554c1969c3e578dcbd88944b4ecc41b80
MD5 hash: 2bc0fb0abcc6c99a73611e991509ce6b
humanhash: river-freddie-pennsylvania-missouri
File name:ORDER 220100124.z
Download: download sample
Signature Formbook
Create hunting rule
File size:1'056'122 bytes
First seen:2020-10-15 12:55:14 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 24576:Rldapxf6YxUqPMzzGkjiviZf0WOtYcyrt7/OuGV:3daaEOzz8+0Ycyr7GV
TLSH DD2533DE60713641F339B7A6AA580CEF459296993E0BCEB12E6B73319BCCD074F19046
Reporter abuse_ch
Tags:FormBook z


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: p3965429.pubip.peer1.net
Sending IP: 83.222.252.185
From: Nadeem Ahmed <nadeemahmed@indus-group.com>
Subject: DELIVERY ORDER 220100124
Attachment: ORDER 220100124.z (contains "Spec-ORDER 220100114.pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c5b9c44ced2b1c97b5b30b001b40ced799e62e77b3328a83dcb92f60a6cca06e/
Threat name:
ByteCode-MSIL.Backdoor.Androm
Create hunting rule
Status:
Malicious
First seen:
2020-10-15 10:07:33 UTC
AV detection:
16 of 29 (55.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=yw44ithnfmojpnntbmabwqgo26m6mltxwmziva64xexwbjwmubxa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c5b9c44ced2b1c97b5b30b001b40ced799e62e77b3328a83dcb92f60a6cca06e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

z c5b9c44ced2b1c97b5b30b001b40ced799e62e77b3328a83dcb92f60a6cca06e

(this sample)

Formbook

Executable exe 87d8ef6a4c6bf661d7957a62b9e8e9ea6627f80227f9ea88502bf601b94a960e

  
Dropping
MD5 e9837da90bf5397e6694e4fa28128be3
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 87d8ef6a4c6bf661d7957a62b9e8e9ea6627f80227f9ea88502bf601b94a960e

Comments