MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e717921034eb9700fb789814facfe0588d45daea7c500a9e8a0e8b53a1d5574d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 4



SHA256 hash: e717921034eb9700fb789814facfe0588d45daea7c500a9e8a0e8b53a1d5574d
SHA3-384 hash: caacbbd79092b33368d88ec3d7851d61ade7745f1f8a26794a712100bdba5a61d58d596882311de03c6c867f40aa4eb2
SHA1 hash: d41ad4f9846cba55c9d405403b4eda587e100737
MD5 hash: 34ac7e76e1e256e70a0408c4e65777f7
humanhash: edward-mango-equal-delta
File name: proforma invoice.cab
Signature: Formbook
File size: 195'466 bytes
First seen: 2021-04-01 07:24:13 UTC
Last seen: Never
File type: cab
MIME type: application/vnd.ms-cab-compressed
ssdeep: 3072:epC8v1+kAjWcMlYH5Z8kcZXl0zOpYnL5pYmQMtkwO6e9z81bVdf/D8Be3+QkaKe:P6s1YXMOXMmbV6bVdf/gAO3e
TLSH: 2514222E39B88770D647C62CF53BB8566EE8A43F5C72584A865617F63C181836FC0CD9
Reporter: abuse_ch
Tags: cab


abuse_ch
Malspam distributing unidentified malware:

HELO: vps.aw-himpelar.com
Sending IP: 185.121.120.150
From: Olivia Rodrigues <olivia.rodrigues@bequisa.com>
Subject: Proforma Invoice/Highlighting Overdue Balance-20739, S181911
Attachment: proforma invoice.cab (contains "proforma.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 112
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Win32.Trojan.SpyNoon
Status: Malicious
First seen: 2021-04-01 07:25:10 UTC
AV detection: 7 of 44 (15.91%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

cab e717921034eb9700fb789814facfe0588d45daea7c500a9e8a0e8b53a1d5574d (this sample)

Delivery method: Distributed via e-mail attachment

Comments