MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ff7fb891cb3d9f0767178b55c62c814a362e14e236eb496d5a88dae07602a3e3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 4



SHA256 hash: ff7fb891cb3d9f0767178b55c62c814a362e14e236eb496d5a88dae07602a3e3
SHA3-384 hash: 50e6327598294010270060ceb1630326d9c7720ec9305b88d046feb7ec2a707f86dfd363cd915e3f99dec44acfe7e1a1
SHA1 hash: 3f1db69f8a4581133626e4ce03bcad9e48fbb69f
MD5 hash: 70447ad1d6588575dd56338e79e6371b
humanhash: sink-mobile-blossom-tennis
File name: 350129441.zip
Signature: Formbook
File size: 341'228 bytes
First seen: 2020-12-22 06:49:50 UTC
Last seen: 2020-12-23 02:43:39 UTC
File type: zip
MIME type: application/zip
ssdeep: 6144:ugxJY23SY+8GAMmarqLX20hrx0YgwEXAZLOGDuv9sF6nHW2B0E:uSYvYhM7cX2Sr3gwZhFUsUHxuE
TLSH: D37423B27628659D412AEB2FE3BE17241721F3177D454D3E3663F615CA6A400BE0C3EA
Reporter: cocaman
Tags: zip


cocaman
Malicious email (T1566.001)
From: "Jenny Jiang <Jenny.Jiang@bmo.com>" (likely spoofed)
Received: "from bmo.com (unknown [79.110.52.80]) "
Date: "22 Dec 2020 04:45:09 -0800"
Subject: "Balance Payment Advice for lgpartner.ch"
Attachment: "350129441.zip"

Intelligence


File Origin
# of uploads: 2
# of downloads: 135
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Spyware.Noon
Status: Malicious
First seen: 2020-12-22 06:50:07 UTC
File Type: Binary (Archive)
Extracted files: 1
AV detection: 13 of 29 (44.83%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip ff7fb891cb3d9f0767178b55c62c814a362e14e236eb496d5a88dae07602a3e3 (this sample)

Delivery method: Distributed via e-mail attachment
