MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 557dda72d65c4c126a2442cfb3dc831c199fc4883b8c0c764b3d52f68769694f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: 557dda72d65c4c126a2442cfb3dc831c199fc4883b8c0c764b3d52f68769694f
SHA3-384 hash: 125f8fe90b4b6614a8ed9b8ab9bc06fc04b3eb55b52f607ae25bde4abd21dacbc2f94c0b23e222cc1eb17ebc2970e9bc
SHA1 hash: 883172bebecf282015f407f819ab4b354bfbf4c7
MD5 hash: 342e94502dc58950ab5f5b6e31e8bf2d
humanhash: glucose-diet-april-bravo
File name: Purchase Order.rar
Signature: Formbook
File size: 234'195 bytes
First seen: 2020-10-21 13:07:14 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:wvRbw/h1N3N1b4Nh1oT5tM8OXVPpNcTGSr/vp:K+/hbnb47WTBARNcTGm/vp
TLSH: CC342321A3C446699113C7BA1BF24D773DECC0B4F92F46524E4DE0C7B21EAC26AC99B5
Reporter: abuse_ch
Tags: FormBook rar


abuse_ch
Malspam distributing Formbook:

HELO: mg2.eee.tw
Sending IP: 103.17.10.232
From: fae@atom-tec.com
Subject: RFQ # Q20182401 // ORDER_N ° 10014 // New_Suppliers_Ord er / [OCT-DEC]
Attachment: Purchase Order.rar (contains "Purchase Order.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Spyware.Stelega
Status: Malicious
First seen: 2020-10-21 12:29:34 UTC
AV detection: 18 of 29 (62.07%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar 557dda72d65c4c126a2442cfb3dc831c199fc4883b8c0c764b3d52f68769694f (this sample)

Dropping: Formbook
Delivery method: Distributed via e-mail attachment
