MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d95ecdd2dc8bb08537a5f6547fd6dbb0a3b29c8ac03f8efc244f332a3603ee4d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 5



SHA256 hash: d95ecdd2dc8bb08537a5f6547fd6dbb0a3b29c8ac03f8efc244f332a3603ee4d
SHA3-384 hash: bca74f219b0d61d04bb2d78b7216e71d59fb7daa4addeba755119f6703ecf7d04cecfd8d3dca29a05fb281735da10279
SHA1 hash: e73a486ff758569445f27a9cfefc4f556d140f86
MD5 hash: 7bc89267735fcce7dbbf20f270566a8d
humanhash: wyoming-west-mike-two
File name: Swift.zip
Signature: Formbook
File size: 203'024 bytes
First seen: 2021-03-16 10:36:47 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:OhEBYJVpL5Sk211b7LiDD3jScBBq/6KWWqvTU4:Oh2YJnL5SPb7OpBUC/jI4
TLSH: 131412E8CF8A7E22A785D57994022035FFB38165A42DFE8917AC19F1716057F8FB2243
Reporter: abuse_ch
Tags: zip


abuse_ch
Malspam distributing unidentified malware:

HELO: sodium.cloudhosting.co.uk
Sending IP: 77.72.0.114
From: mazharul@geniuslogisticsbd.com
Subject: test
Attachment: Swift.zip (contains "Swift.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 113
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Spynoon
Status: Malicious
First seen: 2021-03-16 10:37:06 UTC
AV detection: 18 of 28 (64.29%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip d95ecdd2dc8bb08537a5f6547fd6dbb0a3b29c8ac03f8efc244f332a3603ee4d (this sample)

Delivery method: Distributed via e-mail attachment
