MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eb6d01d88aec99cbacab76b08bbaa856f853a0575cf7e11502346487a7d771fe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: eb6d01d88aec99cbacab76b08bbaa856f853a0575cf7e11502346487a7d771fe
SHA3-384 hash: 98d21b3faafc77121a664cae1ff2fcb1077f892f3a8b0da636207e0f359af6a14788e68d4ce4b7b121ab186f8c681fe3
SHA1 hash: 7e27f37c7ea953cec41a512bb62b9eef3674af5a
MD5 hash: fa78387e7a6a23913b78c7634b185a9f
humanhash: johnny-autumn-alaska-colorado
File name: ATR1.7z
Signature: n/a
File size: 437'895 bytes
First seen: 2020-07-31 10:03:59 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:HxJzbG0eagSzLKkUnPl4QpXYMfNqTAEYCFpDbKHQa:HxJGFAORPd1cTATgXwQa
TLSH: 659423C65B1CFDE628F7D83286D3A8D6EB024C870DF76475617EC7B6A04889316109BA
Reporter: @abuse_ch
Tags: 7z, FormBook


Twitter
@abuse_ch
Malspam distributing FormBook:

From: "Cassandra Sakir" <sakir@ozanadolu.com>
Subject: RE: OPTSA Shipping Documents Demand
Attachment: ATR1.7z (contains "ATR1.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 30
Origin country: FR

Mail intelligence
Geo location: Italy (IT)
Volume: Low
Geo location: Global
Volume: Low

Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-30 23:09:01 UTC
AV detection: 20 of 48 (41.67%)
Threat level: 5/5
Threat name: Kryptik
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
zip eb6d01d88aec99cbacab76b08bbaa856f853a0575cf7e11502346487a7d771fe (this sample)
Dropping: FormBook
Delivery method: Distributed via e-mail attachment
