MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c9dcb3dedaada625ddd0f5a3bd6412a8e30e63019bd7ffd32100db6b1584ba01. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c9dcb3dedaada625ddd0f5a3bd6412a8e30e63019bd7ffd32100db6b1584ba01
SHA3-384 hash: a438930d043657750b6e147801af1a345cfd965089272b5217255620e0fd55c46f5595808810892ca21d5b80deefaa4c
SHA1 hash: 5b6375a144fa36f2dcbf7f286dd1ec690d2ec6dc
MD5 hash: 08634e455c12fb801c99cf1fb49ee740
humanhash: mirror-east-violet-robin
File name:1-26.zip
Download: download sample
Signature Formbook
Create hunting rule
File size:696'388 bytes
First seen:2021-01-26 06:39:38 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:/v4pEXAFBiQ6gSl8bwZFAIqJC/pwJtwHrG1+NmrOy5e2qOSCc/LHk:/v4WaBitOwLAuEtyrG1Squ2qOSbLE
TLSH 23E423D120309FA6DFA0112973728C0650E920C6EEBCC5D47C7AC5E31A7C9A76FE576A
Reporter cocaman
Tags:zip


Avatar
cocaman
Malicious email (T1566.001)
From: "Ms.Ho <office@cowbown.com>" (likely spoofed)
Received: "from slot0.cowbown.com (slot0.cowbown.com [203.159.80.100]) "
Date: "26 Jan 2021 00:27:28 -0500"
Subject: "Bank in Slip"
Attachment: "1-26.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
142
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c9dcb3dedaada625ddd0f5a3bd6412a8e30e63019bd7ffd32100db6b1584ba01/
Threat name:
ByteCode-MSIL.Trojan.Ursu
Create hunting rule
Status:
Malicious
First seen:
2021-01-26 06:40:11 UTC
File Type:
Binary (Archive)
Extracted files:
7
AV detection:
9 of 46 (19.57%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zholhxw2vwtclxoq6wr32zasvdrq4yybtpl77uzbadnwwfmexiaq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c9dcb3dedaada625ddd0f5a3bd6412a8e30e63019bd7ffd32100db6b1584ba01

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip c9dcb3dedaada625ddd0f5a3bd6412a8e30e63019bd7ffd32100db6b1584ba01

(this sample)

Formbook

Executable exe 25cd952df9c74033229ec91a5da330e392390ca6120db46d9ab21d3120c9011c

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 25cd952df9c74033229ec91a5da330e392390ca6120db46d9ab21d3120c9011c

Comments