MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f52bc27ef721f81089cf46c7f640816e9405684351bcaf0b96279387b197d506. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	f52bc27ef721f81089cf46c7f640816e9405684351bcaf0b96279387b197d506
SHA3-384 hash:	676693de1be81b43eff223235df4a0c0d2e76811c76e4c60ee07cc72a1a6f7c2bb5f375b24a394c27963e79a9cc2e451
SHA1 hash:	57cf8e60abda204bdcf14efb2e364c87a5c7353b
MD5 hash:	be45b0c5f9e6f0738e7808c4cef28a6e
humanhash:	helium-north-whiskey-friend
File name:	VESSEL SPECIFICATION.zip
Download:	download sample
Signature	Formbook Create hunting rule
File size:	249'040 bytes
First seen:	2021-02-03 12:47:34 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	3072:aO1DnExk43nZ2nhPcur9pVtsDVvoxAtPftzH4bDktNynRFUAy22GYidoHsIQckZe:BLwW5p2G812eyRFUAkhfsIQTtyRmKZ
TLSH	273423C711B18B158D1FCEF0F803CFE0269F6D195B82D49D8E0890E591999EEC2AB9D5
Reporter	fabjer
Tags:	zip

Intelligence

File Origin

# of uploads :

1

# of downloads :

108

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.Siggen11.61281.9138.2775.UNOFFICIAL

PUA.Win.Downloader.Soft32downloader-6691270-0

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/f52bc27ef721f81089cf46c7f640816e9405684351bcaf0b96279387b197d506/

Threat name:

Win32.Trojan.FormBook

Status:

Malicious

First seen:

2021-02-03 06:58:14 UTC

AV detection:

15 of 45 (33.33%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=6uv4e7xxeh4bbcopi3d7mqebn2kak2cdkg6k6c4we6jypmmx2uda._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.94

Link:

https://yomi.yoroi.company/submissions/f52bc27ef721f81089cf46c7f640816e9405684351bcaf0b96279387b197d506

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip f52bc27ef721f81089cf46c7f640816e9405684351bcaf0b96279387b197d506

(this sample)

exe 4c51f78fbe90c4455d1a0c1f45ff575571974df030b1ea188bf9ab67f4552c68

Dropping

SHA256 4c51f78fbe90c4455d1a0c1f45ff575571974df030b1ea188bf9ab67f4552c68

Delivery method

Distributed via e-mail attachment

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample