MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3518e76553d46d9023689920bf56f66b8a0a1384e4740623e9b1fd7ae7db1b45. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3518e76553d46d9023689920bf56f66b8a0a1384e4740623e9b1fd7ae7db1b45
SHA3-384 hash: 260149a2ba05085816b7b5ca5f88768479dfe2eac7bf28b3410b325144f018d02c26a974380a07a606fb8cf05adfab22
SHA1 hash: 15573709f7c16e4563144cbeede5830845c05716
MD5 hash: 7cb5ea3806a9be8156afb989753bd10d
humanhash: stream-massachusetts-ohio-rugby
File name:PO_27april.zip
Download: download sample
Signature Formbook
Create hunting rule
File size:341'759 bytes
First seen:2020-04-29 16:39:01 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:FalkTlXPQ/eN+2dOQUZJT0et4ECMBGFW4fyvQcmcpHJXqzj2Cuzi:blfQqUZ50eeMBGFW4/fGpXanuO
TLSH 097423100DA971893034A3723889FF9D56DBD0A70B25FDBAE4616B5F2FED31605983A3
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: cathay-food.co
Sending IP: 111.90.140.123
From: Kelvin <info@dmmachinery.net>
Reply-To: piusequip20@protonmail.com
Subject: FW:we need supplies urgently
Attachment: PO_27april.zip (contains "PO_27april.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKDZ.66830.11939.32528.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-29 17:35:37 UTC
File Type:
Binary (Archive)
Extracted files:
21
AV detection:
22 of 48 (45.83%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gumoozkt2rwzai3iteql6vxwnofaue4e4r2ami7jwh6xvz63dncq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 3518e76553d46d9023689920bf56f66b8a0a1384e4740623e9b1fd7ae7db1b45

(this sample)

Formbook

Executable exe 2df514e021d7b92b4c12d4a4c37b67e012483b18142c7b7cf562180584b8eb27

  
Dropping
MD5 4b31f8c745416ae19a648ffb9dd14ed9
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2df514e021d7b92b4c12d4a4c37b67e012483b18142c7b7cf562180584b8eb27

Comments