MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c623e42c93c4127cd03ec53a81cb72789dd199b91fb1c7c24022c6b1b56d8695. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c623e42c93c4127cd03ec53a81cb72789dd199b91fb1c7c24022c6b1b56d8695
SHA3-384 hash: 4743a2af7efe5fa5bb32c0d2cf7fc72aefa50efae6fac1d1d8b10a0b5944711912a8bbb401c347fac5a18156f7105210
SHA1 hash: f26d2550b6e1876558fd2fb374460dcde74b4edb
MD5 hash: 5f52ad3528bcf8b40fa2dc7059dd7ed4
humanhash: berlin-fruit-sink-thirteen
File name:payment issue.r01
Download: download sample
Signature Formbook
Create hunting rule
File size:431'428 bytes
First seen:2021-10-21 07:29:18 UTC
Last seen:Never
File type: r01
MIME type:application/x-rar
ssdeep 12288:5gvJyDQ/gaRm88raPZtUvYoIW4V/paEjhWM7QEHwo6:WvJuQ/gaArOZtUvYoI5JpoM7vD6
TLSH T10294236669875A98284B336830B13CCE140F9E157F52D3CBD3670DAC7D462D25EEB3A0
Reporter cocaman
Tags:FormBook r01


Avatar
cocaman
Malicious email (T1566.001)
From: "nihal<rao@uk.fmuser.org>" (likely spoofed)
Received: "from uk.fmuser.org (unknown [103.153.78.112]) "
Date: "21 Oct 2021 00:28:03 -0700"
Subject: "=?UTF-8?B?UmU65Zue5b6pOiBGVzogcGF5bWVudCBpc3N1ZSBuZWVkIGhlbHA=?="
Attachment: "payment issue.r01"

Intelligence

File Origin
# of uploads :
1
# of downloads :
183
Origin country :
n/a
Vendor Threat Intelligence
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
67%
Tags:
fareit obfuscated packed
Link:
https://www.filescan.io/uploads/617116ffa9d585e6d53151df/reports/ae6c01be-ad50-42f0-ac5e-5715a8f54cac/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c623e42c93c4127cd03ec53a81cb72789dd199b91fb1c7c24022c6b1b56d8695/
Threat name:
ByteCode-MSIL.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2021-10-21 04:04:09 UTC
AV detection:
4 of 44 (9.09%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=yyr6iletyqjhzub6yu5ids3spco5dgnzd6y4pqsaeldldnlnq2kq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

r01 c623e42c93c4127cd03ec53a81cb72789dd199b91fb1c7c24022c6b1b56d8695

(this sample)

Formbook

Executable exe cce2edbec8676315b05ba2e2dda2feb9190edb5f217b9824ae58b40a770924fe

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 cce2edbec8676315b05ba2e2dda2feb9190edb5f217b9824ae58b40a770924fe

Comments