MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 31c6c718af7b62a1589d3ea1763de63518721edfbe7ee67f71b9dc9b5aee1d54. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: 31c6c718af7b62a1589d3ea1763de63518721edfbe7ee67f71b9dc9b5aee1d54
SHA3-384 hash: 5ac0556d767778bea44fbe7ccaa59b7afa2a41ebf4388c907b8e5346c608683157239b986f53769b8f3c46ce58cd9ca8
SHA1 hash: d33904ba34ac0bfdf0c69f4d297d3269405a1ec9
MD5 hash: 54748fa37f84c367fab820f426bde372
humanhash: enemy-seven-west-king
File name: EVPO1061 + EVPO1062.rar
Signature: Formbook
File size: 643'598 bytes
First seen: 2020-10-22 06:44:54 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:hPSDkEXrEH+lT7vCoAVB3ofX290eMJSCFOf/JTgH0+C2tCL5D6w:04pAkNbASCFOf/NgH0StCJ6w
TLSH: 4ED433293BA83F0601A6BCC6386D54598932B31B3F725E948CDE47CB4147FA6F857D0A
Reporter: abuse_ch
Tags: FormBook rar


abuse_ch
Malspam distributing Formbook:

HELO: dlveltex.co
Sending IP: 111.90.140.219
From: Monica Daqua <Monica@dlveltex.co>
Subject: E: SV: SV: EVPO1061 + EVPO1062
Attachment: EVPO1061 + EVPO1062.rar (contains "EVPO1061 + EVPO1062.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 70
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Ymacco
Status: Malicious
First seen: 2020-10-22 02:30:37 UTC
AV detection: 19 of 28 (67.86%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar 31c6c718af7b62a1589d3ea1763de63518721edfbe7ee67f71b9dc9b5aee1d54 (this sample)

  
Dropping: Formbook
Delivery method: Distributed via e-mail attachment
