MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3298fe51a40cb3c8e78679a13edfc4f1448ff2031ca790ef1a569b8528db3b99. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook

Vendor detections: 3

SHA256 hash: 3298fe51a40cb3c8e78679a13edfc4f1448ff2031ca790ef1a569b8528db3b99
SHA3-384 hash: a367902ea67347a6eae648af0057965b6ac863c04361dfad2e865e5accc9542377c297571db58834a089b763165e59d4
SHA1 hash: ce7a5c330f59ed060bf3adc5802a38887b92fc95
MD5 hash: d646beaf0a7a7e9d98248958d8d40001
humanhash: summer-july-zebra-alaska
File name: Ordine6005432.scan...rar
Signature: FormBook
File size: 203'488 bytes
First seen: 2020-07-01 05:36:53 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 3072:OFGmqcA0tAUF6fLIrqm6a7m9NvTzDzBeSUlpAf3vgZJBF2+i9+ry1QXHkdUGA60w:0+cBwzy6aSLml6kJX2+iyxHq/AZSgnMh
TLSH: A21422931C4897EE992BF1E6EE31119533DBEEE5090D0037602E48AE716A7FD0CE5926
Reporter: abuse_ch
Tags: FormBook rar


abuse_ch
Malspam distributing FormBook:

HELO: 199-168-185-10.hdb.gsitio.com
Sending IP: 199.168.185.10
From: Chungheon Lee <euroistru@gmail.com>
Subject: RE: Ordine
Attachment: Ordine6005432.scan...rar (contains "Ordine6005432.scan...exe")

Intelligence
File Origin
# of uploads: 1
# of downloads: 75
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Ransomware.TeslaCrypt
Status: Malicious
First seen: 2020-07-01 05:38:05 UTC
AV detection: 15 of 29 (51.72%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information
The table below shows additional information about this malware sample such as delivery method and external references.

Malspam -> FormBook rar 3298fe51a40cb3c8e78679a13edfc4f1448ff2031ca790ef1a569b8528db3b99 (this sample) -> Dropping FormBook

Delivery method: Distributed via e-mail attachment

Comments