MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 586c410336ae0379eb7b26cf439154e854b7b63bf0cd5ff3a967c4fac3f1c9c2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: 586c410336ae0379eb7b26cf439154e854b7b63bf0cd5ff3a967c4fac3f1c9c2
SHA3-384 hash: 6581a8fe673fa426e1cbb17f4ad8840400b6bd6f91fdd914929aaa0822f363dcd5c87b8d7a7c9dada1ea978c4e42338e
SHA1 hash: 5306a4f31e72f3c7f7db30e73b95b5ee42c44bf2
MD5 hash: c3b5a5df303751cada2338dc9d785432
humanhash: mountain-blossom-zulu-sixteen
File name: REQUIRE QUOTION.rar
Signature: Formbook
File size: 201'707 bytes
First seen: 2020-10-12 05:51:44 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:n7JnvvHHPqrLGgFUZTADan9SpoolgG1TVUPsNw5hlP/XDsq:xfHPqmgOqAUooPuhVTsq
TLSH: CB14123907454177F0599D23C82EFD6F9F63C8446CB568ACECC08BDD6A6A202EB12D78
Reporter: abuse_ch
Tags: FormBook, rar


abuse_ch
Malspam distributing unidentified malware:

HELO: vps-4722982.planum.io
Sending IP: 162.241.93.149
From: HMG UK Ltd <site-naoresponda@extinfar.com.br>
Reply-To: xiaoxiaocaomeisales2@live.com
Subject: Greetings & Quotation
Attachment: REQUIRE QUOTION.rar (contains "REQUIRE QUOTION.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-10-12 02:01:07 UTC
AV detection: 11 of 48 (22.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar 586c410336ae0379eb7b26cf439154e854b7b63bf0cd5ff3a967c4fac3f1c9c2

(this sample)

  
Delivery method: Distributed via e-mail attachment
