MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d457da57c47b01fdd48f3d7f4927f6bd6374cbba8250d9ea64ed47c99283d9c1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 5



SHA256 hash: d457da57c47b01fdd48f3d7f4927f6bd6374cbba8250d9ea64ed47c99283d9c1
SHA3-384 hash: 81d4a3923724e0e40cae43ad7d031b4eaaa97b4fc6969f3bda147fe15db2ffdc7bb72e21c31a2d69bb4ab0b33d24a491
SHA1 hash: 7f3d1f38b49054fa1a3fc49f23275fdaee75c596
MD5 hash: 5762523a60685aafa8a681672403fd19
humanhash: fourteen-eighteen-may-autumn
File name: Sales_Order description.rar
Signature: Formbook
File size: 327'406 bytes
First seen: 2021-04-08 07:04:20 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:AH+SwrutL566/wKgyvksaZmNSwLxuqvk9OI6tdBm2BUTIZh47ClQ97Ksv:AHorut16tPyvkHZZwF4Qvvm2BAIZhTQx
TLSH: 836423502E23211CB08DCB1AD09B13B462CEDDF9DA2D54FA4FDA91BD1C29EF41667E42
Reporter: abuse_ch
Tags: rar


abuse_ch
Malspam distributing unidentified malware:

HELO: digisoft.com.vn
Sending IP: 103.153.183.156
From: <info@digisoft.com.vn>
Subject: OS_PO#3210046374_SALE ORDER_SHIWON_31032021
Attachment: Sales_Order description.rar (contains "Sales_Order description.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 105
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: SUSPICIOUS
Details:
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: ByteCode-MSIL.Spyware.Noon
Status: Malicious
First seen: 2021-04-08 07:05:11 UTC
AV detection: 13 of 48 (27.08%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar d457da57c47b01fdd48f3d7f4927f6bd6374cbba8250d9ea64ed47c99283d9c1 (this sample)

Delivery method: Distributed via e-mail attachment
