MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 fe52c98bfa1f03fa429f4044d5e5bfc3cfd4a571a0f6d37e955397cf583cace5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 5
| SHA256 hash: | fe52c98bfa1f03fa429f4044d5e5bfc3cfd4a571a0f6d37e955397cf583cace5 |
|---|---|
| SHA3-384 hash: | e6d579e5776a408be552ab9f87ce6fc296d763bc5967440d7e9a2c280d74e0662fa3aafaf5431d726ff0f0f90a220afa |
| SHA1 hash: | 3a3e62a0d6955e9330188025b76e9f52a5c0a6d0 |
| MD5 hash: | c1dec7a466845fe68e1c9deb52cf7ffa |
| humanhash: | west-muppet-don-princess |
| File name: | SHIPPING DOCUMENT.exe |
| Download: | download sample |
| File size: | 1'255'424 bytes |
| First seen: | 2020-05-13 10:09:01 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 3d95adbf13bbe79dc24dccb401c12091 (881 x AgentTesla, 737 x FormBook, 236 x SnakeKeylogger) |
| ssdeep | 24576:Wtb20pkaCqT5TBWgNQ7a/uYiBC6z+FoYuoNwtX+xk6A:DVg5tQ7a/uYiM6z+FoYhNwAe5 |
| Threatray | 3'130 similar samples on MalwareBazaar |
| TLSH | A045D01373DEC365C3B25273BA257701AEBB78250AB1F96B2FD4093DE820162525E673 |
| Reporter |  abuse_ch |
| Tags: | exe |
abuse_ch
Malspam distributing unidentified malware:HELO: mail0.61.menxtinuon.casa
Sending IP: 161.35.65.177
From: Export & Logistics <61.menxtinuon.casa>
Subject: URGENT!!! SHIPPING DOCUMENTS// CLGQOE191782 //
Attachment: SHIPPING DOCUMENT.arj (contains "SHIPPING DOCUMENT.exe")
Intelligence
File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Predator
Status:
Malicious
First seen:
2020-05-13 03:27:58 UTC
File Type:
PE (Exe)
Extracted files:
26
AV detection:
26 of 31 (83.87%)
Threat level:
2/5
Detection(s):
Suspicious file
Verdict:
malicious
Similar samples:
+ 3'120 additional samples on MalwareBazaar
Result
Malware family:
formbook
Score:
10/10
Tags:
family:formbook persistence rat spyware stealer trojan
Behaviour
Delays execution with timeout.exe
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Drops file in Program Files directory
Suspicious use of SetThreadContext
Deletes itself
Reads user/profile data of web browsers
Adds policy Run key to start application
Formbook Payload
Formbook
Malware Config
C2 Extraction:
http://www.covpsychiz.info/hx210/
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
exe fe52c98bfa1f03fa429f4044d5e5bfc3cfd4a571a0f6d37e955397cf583cace5
(this sample)
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.