MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f31ed67ee9c58f4ad23d3a39c55ad667a9950dc70f1ccb4c9edcb5382c07a168. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 5



SHA256 hash: f31ed67ee9c58f4ad23d3a39c55ad667a9950dc70f1ccb4c9edcb5382c07a168
SHA3-384 hash: f757d7a8e69495683606bb1fb13d20f8f3569b051ac90dd58d0170b6e0ad3e280efb019d6556704f5581628e8ad62614
SHA1 hash: e9e0a13967c79065126a4d6b1eddac016a5af78e
MD5 hash: 225ef21a3893769df041f185dd4ea191
humanhash: paris-seven-illinois-crazy
File name: 4502823857.PDF.img
Signature: Formbook
File size: 1'034'240 bytes
First seen: 2022-09-02 10:46:28 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep 24576:zZZ52XY+mzo3bvG639pyBw5saPNz0AKIUVDDo7VwG:P5glmzM9eBw70AUwR
TLSH T17F25010AE2586F62E02247F44964E520037BBF8A50BCD3497DFEF2E523B6BC25156E17
TrID:
  99.4% (.NULL) null bytes (2048000/1)
  0.2% (.ISO) ISO 9660 CD image (5100/59/2)
  0.2% (.ATN) Photoshop Action (5007/6/1)
  0.0% (.BIN/MACBIN) MacBinary 1 (1033/5)
  0.0% (.ABR) Adobe PhotoShop Brush (1002/3)
Reporter: cocaman
Tags: img


cocaman
Malicious email (T1566.001)
From: ""Procurement Scandinavia" <Procurement.Scandinavia@kemira.com>" (likely spoofed)
Received: "from kemira.com (unknown [154.127.53.163]) "
Date: "02 Sep 2022 02:18:10 -0700"
Subject: "New Purchase Order 4502823857"
Attachment: "4502823857.PDF.img"

Intelligence


File Origin
# of uploads: 1
# of downloads: 205
Origin country: n/a
Vendor Threat Intelligence
Verdict: Suspicious
Threat level: 5/10
Confidence: 80%
Tags: packed
Result
Verdict: MALICIOUS
Threat name: ByteCode-MSIL.Spyware.Noon
Status: Malicious
First seen: 2022-09-02 03:10:25 UTC
File Type: Binary (Archive)
Extracted files: 18
AV detection: 11 of 40 (27.50%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

img f31ed67ee9c58f4ad23d3a39c55ad667a9950dc70f1ccb4c9edcb5382c07a168

(this sample)

  
Delivery method: Distributed via e-mail attachment
