MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 063241e49140e3df3ada5a1163057fea3ef8f5003e9317a526284905e62538ac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 4



SHA256 hash: 063241e49140e3df3ada5a1163057fea3ef8f5003e9317a526284905e62538ac
SHA3-384 hash: d4227ff6cdb4daab8f8d575ddbc353e16f33f39ddc447bc0745a38ea860f7b1f4667026c9a623dda73cb70684db60baa
SHA1 hash: 7311a268bc7248115d245d850ac723eaebfe65fb
MD5 hash: 04d077022ba4f113377680f518ecc9f8
humanhash: london-hamper-connecticut-beryllium
File name: quote204.zip
Signature: Formbook
File size: 559'665 bytes
First seen: 2020-08-18 12:05:42 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:xrFS8G7V+GbkPvlMq3fKhPf6kNX2jS+194H+utt7W4aObz4VZ526+6mmZf:yRqyq3fKhX5de2vq4aO/4U6mQ
TLSH: 5CC42314275A1CFA0D32AADF038CE2380101505BBB89EDF6945AEB1897DDC607AEDE1D
Reporter: abuse_ch
Tags: FormBook, zip


abuse_ch
Malspam distributing Formbook:

From: Helen He <server@hinet.net>
Subject: Required Quote
Attachment: quote204.zip (contains "quote204.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Razy
Status: Malicious
First seen: 2020-08-18 12:07:06 UTC
AV detection: 14 of 48 (29.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 063241e49140e3df3ada5a1163057fea3ef8f5003e9317a526284905e62538ac

(this sample)

  
Dropping: Formbook
Delivery method: Distributed via e-mail attachment
