MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 52eef168074e8e32b8aebcf995217653f7c049c25a0c9dce55565ce3840cd3af. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 52eef168074e8e32b8aebcf995217653f7c049c25a0c9dce55565ce3840cd3af
SHA3-384 hash: cac57e6e34ea144499d3409940b9a54c521f75d658c6fa4cb5a0b3bd023ed4d42d4d75e802228af26092d499337adc8e
SHA1 hash: ea5777aba0392ca14286dd128d0dbc7dfbe94166
MD5 hash: 8e041936f3859325d65fc19962bee0e3
humanhash: spaghetti-seven-river-fix
File name:RFQ-0947585.IMG
Download: download sample
Signature Formbook
Create hunting rule
File size:1'245'184 bytes
First seen:2020-12-08 16:30:36 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 6144:BIFAeQ5oauzXT+D/Puhybn/K5LmBnKhOogjBoJS8D3EwUH:BIeeQ5oaST+DHuhyb/K5LmUhOV+0XH
TLSH BA457A39E9A903E1E3F1397048B5002B991A9D9B5440C13FE3FF16F10E5E23D966D6BA
Reporter abuse_ch
Tags:FormBook img


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: slot0.boaroldo.com
Sending IP: 45.85.90.126
From: Richard Oliveros<office@boaroldo.com>
Subject: Request For Quotation (RFQ 8674969)
Attachment: RFQ-0947585.IMG (contains "RFQ-0947585-pdf.pif")

Intelligence

File Origin
# of uploads :
1
# of downloads :
189
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.7z_fs2609.UNOFFICIAL
Create hunting rule

Result
Verdict:
SUSPICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/52eef168074e8e32b8aebcf995217653f7c049c25a0c9dce55565ce3840cd3af/
Threat name:
Win32.Trojan.Ulise
Create hunting rule
Status:
Malicious
First seen:
2020-12-08 16:31:06 UTC
AV detection:
8 of 28 (28.57%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=klxpc2ahj2hdfofoxt4zkilwkp34asocligj3tsvkzoohbam2oxq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/52eef168074e8e32b8aebcf995217653f7c049c25a0c9dce55565ce3840cd3af

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

img 52eef168074e8e32b8aebcf995217653f7c049c25a0c9dce55565ce3840cd3af

(this sample)

Formbook

Executable exe 80647f6b0ee0d8b14ba78bbd6cbfdf6e332692af7eb0f3348fc76facc4ad23ef

  
Dropping
MD5 3ab79f4d0445d580c6a122e3e9fd818c
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 80647f6b0ee0d8b14ba78bbd6cbfdf6e332692af7eb0f3348fc76facc4ad23ef

Comments