MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f773a273037a6a302f0f0e10ddea15085a2a9882d023e033bca523a11804ce3e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f773a273037a6a302f0f0e10ddea15085a2a9882d023e033bca523a11804ce3e
SHA3-384 hash: abd9897c435567138c8d1b2a46eccd4dc5d937e020a3f225cc52757d6dcb1bd4c8faddd5dac497e3a96745a42deb66f9
SHA1 hash: 2b909a5b9e20488589d3b6a7ce48a7e2cb1dfa0f
MD5 hash: f8aeb3555f0c1ba62d6715cf778b9d4b
humanhash: lamp-berlin-florida-lemon
File name:Inquiry-RFQ93847849-pdf.gz
Download: download sample
Signature Formbook
Create hunting rule
File size:174'350 bytes
First seen:2021-01-06 07:18:56 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 3072:Bw6VlvrPmheRPCNstiOsuLNjlTyCc2H5lW1/NjDPpINGFPrz0m:O6/rPyWCWtxsu55yOlSljbpIclsm
TLSH 090423ACC1906E9C1C0FB39A2DFF190538515159830F9BB148FB66E0AD60E9748D7E77
Reporter abuse_ch
Tags:gz


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: slot0.briqidanorte.com
Sending IP: 45.85.90.87
From: AJITH GEORGE<office@briqidanorte.com>
Subject: Fw: Inquiry
Attachment: Inquiry-RFQ93847849-pdf.gz (contains "Inquiry-RFQ93847849-pdf.pif")

Intelligence

File Origin
# of uploads :
1
# of downloads :
128
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_pdf.UNOFFICIAL
Create hunting rule

Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f773a273037a6a302f0f0e10ddea15085a2a9882d023e033bca523a11804ce3e/
Threat name:
Win32.Trojan.Zmutzy
Create hunting rule
Status:
Malicious
First seen:
2021-01-06 04:15:10 UTC
AV detection:
21 of 46 (45.65%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=65z2e4ydpjvdalypbyin32qvbbncvgec2ar6am54uur2cgaezy7a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.55
Link:
https://yomi.yoroi.company/submissions/f773a273037a6a302f0f0e10ddea15085a2a9882d023e033bca523a11804ce3e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip f773a273037a6a302f0f0e10ddea15085a2a9882d023e033bca523a11804ce3e

(this sample)

Formbook

Executable exe 1a2c749fb299acc704d2744fa47b02d2ccc4f9a461be0d5ebaa829824e5fb329

  
Dropping
MD5 041fbeba2592a9d0eafbe43d3f9cd1de
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1a2c749fb299acc704d2744fa47b02d2ccc4f9a461be0d5ebaa829824e5fb329

Comments