MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 52ea14187ee628525da6877998367c168790a48906080526a6cf2de5a37317df. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 52ea14187ee628525da6877998367c168790a48906080526a6cf2de5a37317df
SHA3-384 hash: f3c3ab0a26a7a5c8ad4a3141ead7141ae4db3f6dd951bb74234100105cbe4382ad1c341e8fa8e3fa82126e638bc9d0d7
SHA1 hash: ce152f15c1d3373c85e5c21f8f8ebc217d18c16d
MD5 hash: c5327efde7ab27a54ddb1bf719bab19f
humanhash: green-september-blossom-river
File name:056188.img
Download: download sample
Signature Formbook
Create hunting rule
File size:1'245'184 bytes
First seen:2020-08-18 09:53:02 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 6144:wN1gS14FFhvAqvxXdF9UWK5WpLyz+ovpoKLZRxPZTEkI8gYdKwQ+xQ8j8My:wN1gS1QbvgWK5WpLydveKtRnYKxQ8w
TLSH 8C454A3A29828E34C42F527170285AC6E2276E153EE48BEE63CF5FC87F0155B766650F
Reporter abuse_ch
Tags:FormBook img


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: parsitek.ir
Sending IP: 5.182.47.42
From: hello@parsitek.ir
Subject: RFQ (Request For Quotation) NO :PE-PI-GK-056188-EXTENDING THE BID!
Attachment: 056188.img (contains "056188.pdf.scr")

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/52ea14187ee628525da6877998367c168790a48906080526a6cf2de5a37317df/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-08-18 09:54:11 UTC
AV detection:
15 of 48 (31.25%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=klvbigd64yufexngq54zqnt4c2dzbjejayeakjvgz4w6li3tc7pq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

img 52ea14187ee628525da6877998367c168790a48906080526a6cf2de5a37317df

(this sample)

Formbook

Executable exe 777d646e09cf725986f3617d40d5bca943d077015759e346e3e8f5314cac13ce

  
Dropping
MD5 9e3f16a54c2e600f03caae92bf77c702
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 777d646e09cf725986f3617d40d5bca943d077015759e346e3e8f5314cac13ce

Comments