MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c9a5a3572037295e14ea5e0e62396c2e9a73e019bf8b36be502b8a8a9987ff4e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook

Vendor detections: 4

SHA256 hash: c9a5a3572037295e14ea5e0e62396c2e9a73e019bf8b36be502b8a8a9987ff4e
SHA3-384 hash: b2e1e8618382364aff6fe15ffb8eda02610b28aab49cffebb291fc2bdcd5d4ff984ea28c7f0e38f7fe8cbfaffffc2148
SHA1 hash: d75a45b30b959583be3f3c98ffc4d0f0987f728e
MD5 hash: 4ec5f3df2eccd02ea085acf551537037
humanhash: wisconsin-quiet-paris-steak
File name: order08172.zip
Signature: FormBook
File size: 488,563 bytes
First seen: 2020-08-17 06:09:59 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:7K1H1ryKj7ATD5dx0EjpUghGUerX8AVsJpQzjrL5hOrizS6dNc4:7K1KNxjasMQyzjrL5hO2PD
TLSH: 57A4237D07091FDD2DCFB2BF114C3852CA0E251886B71666896FE179AE1D484BCB64CB
Reporter: abuse_ch
Tags: FormBook, geo, TUR, zip
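The hashes and file size above are what an analyst uses to confirm that a quarantined attachment is this sample before spending time on it. The script below is an added example, not code from MalwareBazaar or abuse.ch: it digests a file with the four algorithms the entry publishes, compares each against the listed values, and inspects a zip attachment in memory (member names, executable members, encryption flag) without extracting anything. The in-memory sample zip it builds when no path is given is a constructed stand-in containing inert bytes under the member name the report lists; the executable-extension list is an assumption, not something the entry states.

```python
import hashlib
import io
import zipfile

# Indicators copied from the MalwareBazaar entry above for order08172.zip.
IOC_HASHES = {
    "sha256": "c9a5a3572037295e14ea5e0e62396c2e9a73e019bf8b36be502b8a8a9987ff4e",
    "sha3_384": "b2e1e8618382364aff6fe15ffb8eda02610b28aab49cffebb291fc2bdcd5d4ff984ea28c7f0e38f7fe8cbfaffffc2148",
    "sha1": "d75a45b30b959583be3f3c98ffc4d0f0987f728e",
    "md5": "4ec5f3df2eccd02ea085acf551537037",
}
IOC_SIZE = 488563  # bytes, as listed in the entry

# Extensions Windows will execute on double-click (assumed list, not from the entry).
EXEC_SUFFIXES = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
                 ".vbs", ".vbe", ".ps1", ".hta", ".lnk", ".dll")


def hash_bytes(data: bytes) -> dict:
    """Digest data with the four algorithms MalwareBazaar publishes."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def matches_ioc(data: bytes, ioc: dict = IOC_HASHES) -> dict:
    """Per-algorithm comparison against the published digests. Treat only a SHA-256
    (or SHA3-384) match as identification; MD5 and SHA-1 are kept for older feeds."""
    got = hash_bytes(data)
    return {alg: got[alg] == ioc[alg].lower() for alg in ioc}


def triage_zip(data: bytes) -> dict:
    """Inspect a zip attachment in memory: member names, executable members, and
    whether any member is encrypted (password-protected lures defeat gateway
    scanning). Nothing is written to disk or extracted."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return {"is_zip": False, "members": [], "executables": [], "encrypted": False}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        names = [i.filename for i in infos]
        encrypted = any(i.flag_bits & 0x1 for i in infos)  # bit 0 = encrypted entry
        executables = [n for n in names if n.lower().endswith(EXEC_SUFFIXES)]
    return {"is_zip": True, "members": names, "executables": executables, "encrypted": encrypted}


def build_sample_zip(inner_name: str, payload: bytes) -> bytes:
    """Constructed stand-in for the attachment so the script runs offline:
    one member with inert bytes, not the real payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(inner_name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:   # a real attachment pulled from quarantine
            data = fh.read()
    else:
        data = build_sample_zip("5IYB3BCNQjj7wzj.exe", b"MZ" + b"\x00" * 64)
    print("size matches entry:", len(data) == IOC_SIZE)
    print("hash matches:", matches_ioc(data))
    print("zip triage:", triage_zip(data))
```

Run it with the path of a quarantined file as the only argument; with no argument it exercises the constructed zip, for which every hash comparison is expected to be False. A size match alone is never identification; a SHA-256 match is.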


abuse_ch
Malspam distributing FormBook:

HELO: alnassar.com.sa
Sending IP: 162.244.93.110
From: dersan <info@dersan.com.tr>
Reply-To: info@dersan.com.tr
Subject: Lütfen referansınız için yeni siparişimizin ekli kopyasını bulun. [Turkish: "Please find attached a copy of our new order for your reference."]
Attachment: order08172.zip (contains "5IYB3BCNQjj7wzj.exe")
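The header summary in the report above carries three signals a mail-gateway or SOC triage rule would key on: the HELO name belongs to a domain unrelated to the From address, the attachment is an archive that wraps an executable, and the attachment name follows an "order" plus digits lure pattern. The script below is an added example, not code from abuse.ch or MalwareBazaar; it re-types the report lines as constructed sample input and applies those checks. The lure-word list, the archive and executable extension lists, and the "HELO must be in the From domain" rule are assumptions for illustration; a real rule would also check SPF/DKIM, which needs DNS and is out of scope here.

```python
import re
from email.utils import parseaddr

# Constructed sample input: the header summary from the abuse_ch report, re-typed.
SAMPLE_REPORT = """\
HELO: alnassar.com.sa
Sending IP: 162.244.93.110
From: dersan <info@dersan.com.tr>
Reply-To: info@dersan.com.tr
Subject: Lütfen referansınız için yeni siparişimizin ekli kopyasını bulun.
Attachment: order08172.zip (contains "5IYB3BCNQjj7wzj.exe")
"""

# Assumed lists, not taken from the entry.
ARCHIVE_SUFFIXES = (".zip", ".rar", ".7z", ".iso", ".img", ".ace", ".arj", ".cab", ".gz")
EXEC_SUFFIXES = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
                 ".vbs", ".vbe", ".ps1", ".hta", ".lnk")
LURE_NAME = re.compile(r"^(order|invoice|payment|po|shipment|quotation)[ _-]?\d+", re.I)


def parse_report(text: str) -> dict:
    """Turn 'Key: value' lines into a dict with lower-cased keys."""
    fields = {}
    for line in text.splitlines():
        if ":" in line:
            key, value = line.split(":", 1)
            fields[key.strip().lower()] = value.strip()
    return fields


def domain_of(addr: str) -> str:
    """Domain part of an address such as 'dersan <info@dersan.com.tr>'."""
    _, email = parseaddr(addr)
    return email.rsplit("@", 1)[1].lower() if "@" in email else ""


def triage_report(text: str) -> list:
    """Return human-readable findings; an empty list means no check fired."""
    f = parse_report(text)
    findings = []
    helo = f.get("helo", "").lower()
    from_dom = domain_of(f.get("from", ""))
    reply_dom = domain_of(f.get("reply-to", ""))
    # A HELO name outside the From domain points at a relay that does not belong
    # to the brand being impersonated (compromised or rented infrastructure).
    if helo and from_dom and helo != from_dom and not helo.endswith("." + from_dom):
        findings.append(f"HELO {helo} is not in the From domain {from_dom}")
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    # Attachment line format used by the report: 'outer.zip (contains "inner.exe")'.
    m = re.match(r'(\S+)(?:\s+\(contains\s+"([^"]+)"\))?', f.get("attachment", ""))
    if m:
        outer, inner = m.group(1).lower(), (m.group(2) or "").lower()
        if outer.endswith(ARCHIVE_SUFFIXES) and inner.endswith(EXEC_SUFFIXES):
            findings.append(f"archive {outer} wraps executable {inner}")
        if LURE_NAME.match(outer):
            findings.append(f"attachment name {outer} follows an order/invoice lure pattern")
    return findings


if __name__ == "__main__":
    for finding in triage_report(SAMPLE_REPORT):
        print("-", finding)
```

On the report above this yields three findings (HELO outside the From domain, archive wrapping an executable, order-style attachment name); the Reply-To check stays quiet because Reply-To and From share a domain here.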

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Backdoor.Remcos
Status: Malicious
First seen: 2020-08-17 06:11:10 UTC
AV detection: 9 of 48 (18.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  FormBook
    zip c9a5a3572037295e14ea5e0e62396c2e9a73e019bf8b36be502b8a8a9987ff4e (this sample)
      Dropping: FormBook

Delivery method: Distributed via e-mail attachment

Comments