MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f962ff7a2e7d4c42c1b435f5ab1799b5deace3a032ae801618a2116b268131f7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 6



SHA256 hash: f962ff7a2e7d4c42c1b435f5ab1799b5deace3a032ae801618a2116b268131f7
SHA3-384 hash: 63faac3b7f63aaf43e5a0521461bc7e0ccfab5c4ce0ae955e2dfb6c06004d4c5913a78bf040c7ec8e9bab572d883b2ad
SHA1 hash: b76bb9c315b6980d407a31dd5560364d24426b2d
MD5 hash: 7a45043af5b34be239ac92a827c93c7c
humanhash: fifteen-charlie-eight-october
File name: Purchase_Order_EK_RA30151_MontJade_Engineering_Co_Ltd_752311.xz
Signature: Formbook
File size: 875'752 bytes
First seen: 2020-12-04 06:28:00 UTC
Last seen: Never
File type: zip
MIME type: application/octet-stream
imphash: 0b53c587d92252505a138d0d9f3f823f (1 x Formbook, 1 x Loki)
ssdeep: 24576:eDTLDJqe+iGA21IeK/PtFOqxiyqrYnUr5IU3:q7+iGAWr/b3
Threatray: 38 similar samples on MalwareBazaar
TLSH: 0B15122232E48073F4B756385CA9C7A0DDB5BC346A71890EBFD5475E2E30A92C72A753
Reporter: fabjer
Tags: archive

Intelligence


File Origin
# of uploads: 1
# of downloads: 155
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Bluteal
Status: Malicious
First seen: 2020-12-02 01:35:42 UTC
AV detection: 23 of 29 (79.31%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip f962ff7a2e7d4c42c1b435f5ab1799b5deace3a032ae801618a2116b268131f7 (this sample)

Delivery method: Distributed via e-mail attachment
