MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f7096087c41bf61a82be7669b786e5d2d4df5fcb562304d4427b701358ef8488. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f7096087c41bf61a82be7669b786e5d2d4df5fcb562304d4427b701358ef8488
SHA3-384 hash: d822c6052d0c721ce3e25bda5f110d2187141c865bfadd0561a76d8ccd8215d63fca860dd8274041ddd7f6f1ac317926
SHA1 hash: cb988d2bf6f8ec3fdd2dccea836848d01988797e
MD5 hash: 40ebb5b674aa6e5e554fa8966512b668
humanhash: colorado-charlie-edward-triple
File name:Purchase Order pdf.7z
Download: download sample
Signature Formbook
Create hunting rule
File size:433'174 bytes
First seen:2021-02-21 18:13:06 UTC
Last seen:2021-02-24 13:32:35 UTC
File type: 7z
MIME type:application/x-rar
ssdeep 12288:g85437WWj9k5hphdtlC1Hq2s+sORRgjiFGU:Nm37NsDXtEVE+mjO
TLSH 7D9423A44A9C03266DF620E6F7CF9330F9A3BD831995649DCC32F9D2A6A173171CD251
Reporter abuse_ch
Tags:7z


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: ingramgroup.net
Sending IP: 45.137.22.51
From: Marketing Manager<Joshi@ingramgroup.net>
Subject: Purchase Order
Attachment: Purchase Order pdf.7z (contains "Purchase Order pdf.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
136
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27342.RarHeur.v5.HideExt.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f7096087c41bf61a82be7669b786e5d2d4df5fcb562304d4427b701358ef8488/
Threat name:
ByteCode-MSIL.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2021-02-21 18:14:07 UTC
AV detection:
7 of 47 (14.89%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=64ewbb6edp3bvav6ozu3pbxf2lkn6x6lkyrqjvccpnybgwhpqsea._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

7z f7096087c41bf61a82be7669b786e5d2d4df5fcb562304d4427b701358ef8488

(this sample)

Formbook

Executable exe 1d0aa1485b2e4d3e411e2d2e9ddfc3763120082cc039972770d5aa882fd4cb87

  
Dropping
MD5 2b488bf47e80bec2e9627ea2546be342
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1d0aa1485b2e4d3e411e2d2e9ddfc3763120082cc039972770d5aa882fd4cb87

Comments