MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4040d1d24a7b4d2aed9ec8abffeabdbf70dc8d7c0e41f1fd122ceb16f6b14122. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: 4040d1d24a7b4d2aed9ec8abffeabdbf70dc8d7c0e41f1fd122ceb16f6b14122
SHA3-384 hash: 8c711b6e92b85ab2e496fe3fe174c6fe8a86c2e784fafe696378effecdf30ca96b1c85efbf8a468725dc56b9b9750b64
SHA1 hash: 77e4ec94d891f4911426c70ed5bcbf21913a373d
MD5 hash: 51b5b9f132cda7eff814c1ebaa7a7543
humanhash: golf-april-california-uniform
File name: PO_NO.3791061.gz
Signature: Formbook
File size: 333'025 bytes
First seen: 2020-06-26 08:01:40 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 6144:WsfP6jMAdgicwiJe93Bctdh+PElaaPQ9oFI19ZtFrElm79lqFWhmVp2gP:PfP6jM6giUeRBctgzaPQOCtEmgWhmP2C
TLSH: 006423613BDF3204D22B5065B65B838ECA67C05F29F11CF0EA00540ADAEFD7912DAF96
Reporter: abuse_ch
Tags: FormBook gz


abuse_ch
Malspam distributing Formbook:

HELO: WIN-4K804V6ADVQ
Sending IP: 45.147.230.222
From: Jeanne <Petra.Pfister@bierihydraulics.com>
Subject: NEW ORDER
Attachment: PO_NO.3791061.gz (contains "gunzipped")

Intelligence


File Origin
# of uploads: 1
# of downloads: 78
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-26 08:03:06 UTC
AV detection: 28 of 48 (58.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

gz 4040d1d24a7b4d2aed9ec8abffeabdbf70dc8d7c0e41f1fd122ceb16f6b14122

(this sample)

  
Dropping: Formbook
Delivery method: Distributed via e-mail attachment
