MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4e48c152e05bd4e93c718ab5dff9bc3cdc2b7f49aefa47a2dffe036b98e81a11. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4e48c152e05bd4e93c718ab5dff9bc3cdc2b7f49aefa47a2dffe036b98e81a11
SHA3-384 hash: 8867002d00b65a34ff7f0bbbcea6db38ace73b6ddb283cb702e654c755bb52df8b95d04696941c4c47adffbdd118a3ca
SHA1 hash: 738d43d2c4e4c9c5a5f0025bda4db9501ae0a85f
MD5 hash: 48678b940a4b141364135d2cc61fb415
humanhash: beer-steak-kentucky-delta
File name:SKM_C258201001130020005057.IMG
Download: download sample
Signature Formbook
Create hunting rule
File size:1'245'184 bytes
First seen:2021-01-07 17:42:45 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 6144:F2dhK1Znmbfv1HmbvTQy6DHVjymWvPMNnm:F2dcm7QQy+jZNn
TLSH 5245CF6DA376F1A9F48104FD340EEBAA800039346468C057B7CE6F1B2B716DAD959F1B
Reporter abuse_ch
Tags:FormBook img


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: s29.xrea.com
Sending IP: 150.95.8.129
From: FedEx <auc0706@hkymail.com>
Subject: Unable to deliver your parcel
Attachment: SKM_C258201001130020005057.IMG (contains "SKM_C258201001130020005057.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
185
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4e48c152e05bd4e93c718ab5dff9bc3cdc2b7f49aefa47a2dffe036b98e81a11/
Threat name:
Win32.Trojan.Woreflint
Create hunting rule
Status:
Malicious
First seen:
2021-01-07 17:43:05 UTC
AV detection:
12 of 29 (41.38%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jzemcuxalpkospdrrk2576n4htocw72jv35epiw77ybwxghidiiq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Emotet
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4e48c152e05bd4e93c718ab5dff9bc3cdc2b7f49aefa47a2dffe036b98e81a11

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

img 4e48c152e05bd4e93c718ab5dff9bc3cdc2b7f49aefa47a2dffe036b98e81a11

(this sample)

Formbook

Executable exe 997b74f9926081be742e384b2b9efec21a4aae1d8a17cc2ac9ac29b55d222e3d

  
Dropping
MD5 d699647d32df276b0fed56923a47f048
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 997b74f9926081be742e384b2b9efec21a4aae1d8a17cc2ac9ac29b55d222e3d

Comments