MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c9a9085f2979d76f392b0933b615a65e10024e3250fa13bb2a330a620d7c7929. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 4

SHA256 hash: c9a9085f2979d76f392b0933b615a65e10024e3250fa13bb2a330a620d7c7929
SHA3-384 hash: 16e4e4c670c21e0ab3c99462f2d87c52ecf6575e1ba3469b45c3e3b1fc7857ed3abbc5c6b845a12e0b047f14b5080ca0
SHA1 hash: cd76be6679caba5781b6a7895986bf78894f4dbf
MD5 hash: b29341737677386a2f662d8a625be950
humanhash: three-kitten-juliet-friend
File name: REF344266679_pdf.z
Signature: Formbook
File size: 218'571 bytes
First seen: 2022-10-25 03:37:43 UTC
Last seen: 2022-10-25 03:51:57 UTC
File type: z
MIME type: application/x-rar
ssdeep: 6144:hm1EOOsuZblVCCuYwBLDGY3Dqf2SiN5Lzy:hmduZRVCCu8Y3Dq+Fvzy
TLSH: T16524221AA73D7E643B10155F96EC83436E15B9F36ADF1C0CDCDBA8622D65113B8F8902
TrID: 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
      38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter: cocaman
Tags: FormBook z


cocaman
Malicious email (T1566.001)
From: "Tae-Hyun H. <kyn.mat@fdandersonagency.com>" (likely spoofed)
Received: "from antyfugo.fdandersonagency.com (antyfugo.fdandersonagency.com [92.52.217.135]) "
Date: "24 Oct 2022 20:32:38 -0700"
Subject: "OVER DUE BALANCE SETTLED.REF344266"
Attachment: "REF344266679_pdf.z"

Intelligence


File Origin
# of uploads: 2
# of downloads: 178
Origin country: n/a
File Archive Information

This file archive contains 3 file(s), sorted by their relevance:

File name: sckepc.fwm
File size: 189'952 bytes
SHA256 hash: 15edf5648cc15db173195d68540e2443300e0e1626437f0bcd24d8b3bfa98d8b
MD5 hash: 963564e1ab3d99dfac9a04b29a382017
MIME type: application/octet-stream
Signature: Formbook

File name: phzibx.bx
File size: 6'143 bytes
SHA256 hash: 6257a03dcd872216ddb39c7ac06d1da62c84dd54559d8a66d4cdf4dc43dcd629
MD5 hash: b2df95ceaff4d015095ed96816668b9c
MIME type: application/octet-stream
Signature: Formbook

File name: hqiyzna.exe
File size: 6'144 bytes
SHA256 hash: c50553b262fcae812720a5cfb9b1646eabfcc88d4658e3cfcb78c3d33539c23b
MD5 hash: d9bea4251a1a7b4748a95b84876dc615
MIME type: application/x-dosexec
Signature: Formbook
Vendor Threat Intelligence

Result
Verdict: MALICIOUS

Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: Win32.Trojan.Leonem
Status: Malicious
First seen: 2022-10-24 10:09:19 UTC
File Type: Binary (Archive)
Extracted files: 5
AV detection: 20 of 26 (76.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  Formbook | z | c9a9085f2979d76f392b0933b615a65e10024e3250fa13bb2a330a620d7c7929 (this sample)

Delivery method: Distributed via e-mail attachment
Dropping: Formbook

Comments