MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e50a6adc3a4af45a5cfac4a213be964aa7ed0db5eb8b13ed7c4fc99e160cbc67. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: e50a6adc3a4af45a5cfac4a213be964aa7ed0db5eb8b13ed7c4fc99e160cbc67
SHA3-384 hash: d8ce97199ba411201f88821fceff6dc562e000828fd51cd757475fcd469776cb7785e2e82ec4cf08a1044dad047468c5
SHA1 hash: b6b4d5ae64717dea9492000e317fc370fa37b0fc
MD5 hash: 36733a707992f4e84c54691d69302a6e
humanhash: may-pluto-juliet-orange
File name: PO930832084.zip
Signature: Formbook
File size: 258'419 bytes
First seen: 2020-07-03 06:45:02 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:Q54GmWznnGasTAZ4YbigAkG8FYZcAZ7AZwnVY:mrzGvg4YMkG8Focu7qwe
TLSH: BF441262A09B9B8AA6D475772C30260ADDC325C8F966B694C31BD42B511C1F1FEF74CC
Reporter: abuse_ch
Tags: FormBook zip


abuse_ch
Malspam distributing Formbook:

HELO: regular1.263xmail.com
Sending IP: 211.150.70.206
From: admin <admin@jgpkg.com>
Subject: Re:Purchase Order
Attachment: PO930832084.zip (contains "PO930832084.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 79
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-03 06:46:07 UTC
AV detection: 8 of 48 (16.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip e50a6adc3a4af45a5cfac4a213be964aa7ed0db5eb8b13ed7c4fc99e160cbc67 (this sample)

Dropping: Formbook
Delivery method: Distributed via e-mail attachment
