MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9529ab716a6b84cd807915b6d7b8153962fd90a803eb96bb5f3a98fac3193e4e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 9529ab716a6b84cd807915b6d7b8153962fd90a803eb96bb5f3a98fac3193e4e
SHA3-384 hash: 774ead231dc01cc3529356a9f7c49329b215db711605689eaf6a4724044ccf7f103122e31e73c6a25cbe37140afd4b37
SHA1 hash: 04f1118b8222707e4b5682b94c3b7a1dd23b3233
MD5 hash: 55d88e4bca527e14603d78f69a55f697
humanhash: cup-bluebird-illinois-pasta
File name: PO389732.zip
Signature: Formbook
File size: 267'180 bytes
First seen: 2020-06-30 05:22:02 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:QrmzOJQ+zHu6VMKNoGfHT4zDZ8LaMfXF9WzVYvg:guOJQ4XVZN34B8L1fPEj
TLSH: 0C44230FC234FF13A54FED763D78E5336861E1B5A6EA37345CA143BA4A1A560CC2622D
Reporter: @abuse_ch
Tags: FormBook, zip


Twitter
@abuse_ch
Malspam distributing Formbook:

HELO: regular1.263xmail.com
Sending IP: 211.150.70.202
From: Leona <admin@yingshitech.com>
Subject: Re:new order
Attachment: PO389732.zip (contains "PO389732.exe")

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 33
Origin country: US
ClamAV: SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
CERT.PL MWDB:
Detection: n/a
Link: https://mwdb.cert.pl/sample/9529ab716a6b84cd807915b6d7b8153962fd90a803eb96bb5f3a98fac3193e4e/
ReversingLabs:
Status: Malicious
Threat name: ByteCode-MSIL.Trojan.Kryptik
First seen: 2020-06-30 05:23:04 UTC
AV detection: 23 of 48 (47.92%)
Threat level: 5/5
Spamhaus Hash Blocklist: Malicious file
VirusTotal: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Formbook
zip 9529ab716a6b84cd807915b6d7b8153962fd90a803eb96bb5f3a98fac3193e4e (this sample)

Dropping: Formbook
Delivery method: Distributed via e-mail attachment
