MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 27cc4bf8347a0f75e7fde7c3f1019fe0d468435e9d013a7974613666c1268536. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 4



SHA256 hash: 27cc4bf8347a0f75e7fde7c3f1019fe0d468435e9d013a7974613666c1268536
SHA3-384 hash: 4c84e8c62075c496477998d440f84ab194d3eb9489ba6e42fc66d248466c8ca35e7f02adee69df2b5f3cf3cf354c1963
SHA1 hash: e764f26b8db16917f8bf63b995a3cb0249c4332d
MD5 hash: d7cc577c506fcba80edd5e5f99fad631
humanhash: juliet-pluto-low-bakerloo
File name: requesting quote.zip
Signature: Formbook
File size: 423'496 bytes
First seen: 2020-07-30 07:44:37 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:TK2i+3hTcJZG60Iid4FrohSxApUW/ePm3:TKUeZGJ12NJm/Ss
TLSH: 76942358C22947FF1763DABC88DB13948800F15725F6B2CA76B15D47EB29E6A23D43E0
Reporter: abuse_ch
Tags: FormBook zip


abuse_ch
Malspam distributing Formbook:

HELO: server.megatroncorp.community
Sending IP: 162.241.205.158
From: Eric Schiegg <Eric.Schiegg@dvandersteenbv.nl>
Reply-To: Eric Schiegg <dvandersteenbv@europe.com>
Subject: AW: Quote!
Attachment: requesting quote.zip (contains "requesting quote.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-30 07:46:10 UTC
AV detection: 9 of 48 (18.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 27cc4bf8347a0f75e7fde7c3f1019fe0d468435e9d013a7974613666c1268536 (this sample)
Dropping: Formbook
Delivery method: Distributed via e-mail attachment
