MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cf505fce06430c2a9841a611cfbba10bcf08f3cdf1f90d5249ed1fd2eb8d6338. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cf505fce06430c2a9841a611cfbba10bcf08f3cdf1f90d5249ed1fd2eb8d6338
SHA3-384 hash: b78ea64caf69c43622bb163b10a74bbbc71c53fbb595e3b4f01cc67cf686ddfad561cca7ebb4c424306d290cf467f54a
SHA1 hash: 2fef58eb7f92ef67608efbc0a63b9ce16557fd71
MD5 hash: 7346d01febf46c6c13e562dd7045d785
humanhash: july-pizza-pennsylvania-glucose
File name:Quotation.zip
Download: download sample
Signature Formbook
Create hunting rule
File size:370'808 bytes
First seen:2020-10-12 06:19:56 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:ct00MWkMYsAcNQI5D64ICE9A/Pi2J8mb7HklOJRGqfAS7aJJ4gkuVPp467xVHR:cjwzsAcNPD6HCKAnn8mb7HkEJRGqf57w
TLSH 107423DE861995DEBB9BC1112B822882E91433DCAF8EA115DEFF18DC355F8B176E100D
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: apioptimum.live
Sending IP: 80.85.157.83
From: AMERICAN IMPORT&EXPORT COMPANY<Sherry343@apioptimum.live>
Subject: RE: INQUIRY/QUOTE REQUEST
Attachment: Quotation.zip (contains "Quotation.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cf505fce06430c2a9841a611cfbba10bcf08f3cdf1f90d5249ed1fd2eb8d6338/
Threat name:
Win32.Infostealer.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-10-12 03:25:25 UTC
AV detection:
4 of 48 (8.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=z5if7tqgimgcvgcbuyi47o5bbphqr46n6h4q2usj5up5f24nmm4a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/cf505fce06430c2a9841a611cfbba10bcf08f3cdf1f90d5249ed1fd2eb8d6338

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip cf505fce06430c2a9841a611cfbba10bcf08f3cdf1f90d5249ed1fd2eb8d6338

(this sample)

Formbook

Executable exe 4e712f5df51bc5970b962b170cfde7a6cd20622ac67164a6f2101655a8a7d7f3

  
Dropping
MD5 31dd94809b63dec3786dbc56133b959b
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4e712f5df51bc5970b962b170cfde7a6cd20622ac67164a6f2101655a8a7d7f3

Comments