MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d0caec655f6fc217987411ba4c2a7df06466785fa4cec21aa526788206f57a16. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: d0caec655f6fc217987411ba4c2a7df06466785fa4cec21aa526788206f57a16
SHA3-384 hash: ff714bd0c0af2aadb33d5603afa4a05c345856a6ca61ff62fe103cad90b4b516e04716cd0c99d4f39b72f67781965e8d
SHA1 hash: 5e12c79e4d0b3b155741811817c06af3d234fa42
MD5 hash: bbecff529d6bb493c1dde04e9deba46e
humanhash: lamp-paris-nebraska-undress
File name: Shipment Document BL,INV and Packing list Attached.zip
Signature: FormBook
File size: 292'273 bytes
First seen: 2020-06-30 01:46:38 UTC
Last seen: 2020-06-30 02:49:57 UTC
File type: zip
MIME type: application/zip
ssdeep: 6144:niDR+pGg0nSoCl0NKmuW75RFwz9jRj6SlctfaDTHYNlxPvEqCWYtX32:ituG5RFwz99jrlYin4N3kFWeW
TLSH: 085423D596B66E289C9E8B51FCC27BCC42618EF15840240BFC458E9EA75F4E70C2686C
Reporter: @jarumlus
Tags: FormBook

Intelligence


Mail intelligence:
  Trap location: CH Switzerland, Impact: Low
  Trap location: Global, Impact: High
# of uploads: 2
# of downloads: 31
Origin country: FR
ClamAV:
  SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
  Sanesecurity.Rogue.0hr.20200629-2102.UNOFFICIAL
CERT.PL MWDB:
  Detection: n/a
  Link: https://mwdb.cert.pl/sample/d0caec655f6fc217987411ba4c2a7df06466785fa4cec21aa526788206f57a16/
ReversingLabs:
  Status: Malicious
  Threat name: ByteCode-MSIL.Trojan.Kryptik
  First seen: 2020-06-30 01:48:06 UTC
  AV detection: 22 of 30 (73.33%)
  Threat level: 2/5
Spamhaus Hash Blocklist: Malicious file
VirusTotal: Virustotal results 23.08%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip d0caec655f6fc217987411ba4c2a7df06466785fa4cec21aa526788206f57a16 (this sample)

Dropped by: FormBook
Delivery method: Distributed via e-mail attachment

Comments