MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f7bb9990c59025e56501202f44741861466e60a89d3bfa64b75dce4f4b0153fe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f7bb9990c59025e56501202f44741861466e60a89d3bfa64b75dce4f4b0153fe
SHA3-384 hash: 942c4b166910a8dc4d629e88f90720022541f2e34db11886a5f128cf5208237bd0be5c685cc35d1d6a31160367f76873
SHA1 hash: f53692128a204d56e9128dd4af1ccde6ad1b5c00
MD5 hash: cb133736b33be9676d62bcb2c573823c
humanhash: spaghetti-carpet-table-mirror
File name:Purchase Orders.rar
Download: download sample
Signature Formbook
Create hunting rule
File size:371'964 bytes
First seen:2021-04-04 16:50:27 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:Kvt2BUR/V8r6Z/+wLjkFStu1g/NAG3v61sleEuFkBT/4lIgGb9r3gycy2DCnkc:KvgK8r6YujkFelFAGfUslzuFkxjrr19h
TLSH 0D842376752288100F6CB1F6CDC52E32691E637F427A0BCEA8AF241D395DA3CD57A361
Reporter abuse_ch
Tags:rar


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: europrovoli.eu
Sending IP: 103.99.1.141
From: info@europrovoli.eu
Subject: Re;Purchase Orders
Attachment: Purchase Orders.rar (contains "Purchase Orders.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
252
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Gathering data
Threat name:
ByteCode-MSIL.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2021-04-04 16:10:08 UTC
AV detection:
10 of 48 (20.83%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=665ztegfsas6kzibeaxui5aymfdg4yfitu57uzfxlxhe6sybkp7a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar f7bb9990c59025e56501202f44741861466e60a89d3bfa64b75dce4f4b0153fe

(this sample)

Formbook

Executable exe 87cff75cb9c14763d12379d4f990b5c852756d0ccfb6cfb279c7eb60a63c5e69

  
Dropping
MD5 822542f022ca16a6c70a20b0d1b817e3
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 87cff75cb9c14763d12379d4f990b5c852756d0ccfb6cfb279c7eb60a63c5e69

Comments