MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e56ee0037f504e8c54ffa8f4f180cb8fb7dc6da802e336bd67ccdaf4616c2370. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 6



SHA256 hash: e56ee0037f504e8c54ffa8f4f180cb8fb7dc6da802e336bd67ccdaf4616c2370
SHA3-384 hash: 0dcc041e5a4f98936330a4e1c678236b11c06e16d506f3e1e51e8354bd557dc4695b4ca290b7df67744b644481f08321
SHA1 hash: bd69e0fbadb68487e1f47c4abf5d404b65a884f0
MD5 hash: 9626cc512dbe8965189adfa61cf157b1
humanhash: maryland-seven-shade-tennessee
File name: Payment Advice.z
Signature: Formbook
File size: 234'071 bytes
First seen: 2022-04-06 05:47:03 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 6144:2cy0xtt88VuF7Tpd7CS1VAn5bOxQHkkP06Aabm:7PT8lTb9SnuQHYabm
TLSH: T1E434238784AB37B513AEB30FFDCA44EFD5803C92928092141D659594ED4A33B3B946F9
Reporter: cocaman
Tags: FormBook payment z


cocaman
Malicious email (T1566.001)
From: "account <admin@2080technologiesllc.partners>" (likely spoofed)
Received: "from ns-882.awsdns-46.net (unknown [45.58.34.21]) "
Date: "5 Apr 2022 16:47:58 -0700"
Subject: "RE:RE: Advance T/T Payment Copy"
Attachment: "Payment Advice.z"

Intelligence


File Origin
# of uploads: 1
# of downloads: 238
Origin country: n/a
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: control.exe formbook overlay packed python shell32.dll
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.FormBook
Status: Malicious
First seen: 2022-04-06 05:48:06 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 18 of 42 (42.86%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

z e56ee0037f504e8c54ffa8f4f180cb8fb7dc6da802e336bd67ccdaf4616c2370

(this sample)

  
Delivery method: Distributed via e-mail attachment
Dropping: Formbook
