MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 db50810233c511c75efda7d43427f0b07d43e90dfc6a661861807078d0faad43. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: db50810233c511c75efda7d43427f0b07d43e90dfc6a661861807078d0faad43
SHA3-384 hash: 2f92e6116bbd411ca0c9a838771c7c0ed5e60552b534e88bc9b8ec791a077713053d513aebd51c9f4deca9e0a871cf51
SHA1 hash: 02a70094487bee1ec2078335330699b37998d476
MD5 hash: 1a8c076c4e1fa7698a7c10a7067445ab
humanhash: cola-march-delta-crazy
File name:PO61120.zip
Download: download sample
Signature Formbook
Create hunting rule
File size:542'582 bytes
First seen:2020-11-06 17:30:54 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:9NbCBu31vncjYS13cefS9uuIUTkF/ctm2nDlxGKUKKgglF5m:9j31vcjYS13ceYuueF/m/BaDm
TLSH 7EB423FE2918FC9CA941866F54F74A0290FD7401B5A172F774EF68217EDACC24349A9C
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: slot0.ideeseet.com
Sending IP: 45.145.185.5
From: Jimco Racing Inc<purchase@jimcoracing.com>
Subject: PO no. 238275 Jimco Racing S.K
Attachment: PO61120.zip (contains "PO61120.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
121
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

SecuriteInfo.com.BackDoor.SpyBotNET.25.19927.29027.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/db50810233c511c75efda7d43427f0b07d43e90dfc6a661861807078d0faad43/
Threat name:
Win32.Trojan.LokiBot
Create hunting rule
Status:
Malicious
First seen:
2020-11-06 13:27:03 UTC
AV detection:
31 of 48 (64.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3niicartyui4oxx5u7kdij7qwb6uh2in7rvgmgdbqbyhruh2vvbq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip db50810233c511c75efda7d43427f0b07d43e90dfc6a661861807078d0faad43

(this sample)

Formbook

Executable exe 9b7f56e3205d471169726432371e18b52971cf2f3eb01702429c741308b28fa7

  
Dropping
MD5 c371ed0c8ac27ae1b0efcecc55854f98
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9b7f56e3205d471169726432371e18b52971cf2f3eb01702429c741308b28fa7

Comments