MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5eb81f54c6379536ea2ff56dbd0cf27926dc144a9e0ec6dbaa2dc37ca6da26f9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5eb81f54c6379536ea2ff56dbd0cf27926dc144a9e0ec6dbaa2dc37ca6da26f9
SHA3-384 hash: b451e656db16351ee069b11b92a812ef16682396e396a9c7103c27d5a3864979a15431cbfca21ba9a1c2fb77aa8da8dd
SHA1 hash: ef363721d9e62a90059bba9e8e0a95999391a01e
MD5 hash: 8301c7d1f8f731ca5a0f5eba22796908
humanhash: zulu-island-cold-nine
File name:Dhl package - pdf.ace
Download: download sample
Signature FormBook
Create hunting rule
File size:403'016 bytes
First seen:2020-09-04 20:27:36 UTC
Last seen:Never
File type: ace
MIME type:application/octet-stream
ssdeep 12288:5Bmv2K4UXilqJbCHV9nZg6QRbPr8SX8NznVQhGo:+7LXilqJbC7nHMbj7MjQco
TLSH 17842371A557E38B5B8F12A702BB798DB0A8E7D98264D39DE91E94207CCCFD005538D3
Reporter cocaman
Tags:ace


Avatar
cocaman
Malicious email
From: "Dhl Xpress" <user545@edfaqan.com>
Received: from api.edfaqan.com (unknown [165.227.199.176])
Date: Fri, 04 Sep 2020 17:51:36 +0800
Subject: Re: DHL PACKAGE ARRIVAL
Attachment: Dhl package - pdf.ace

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.25166.AceHeur.Exe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Suspicious-ACE-exe.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5eb81f54c6379536ea2ff56dbd0cf27926dc144a9e0ec6dbaa2dc37ca6da26f9/
Threat name:
Win32.Trojan.Ymacco
Create hunting rule
Status:
Malicious
First seen:
2020-09-04 09:28:23 UTC
File Type:
Binary (Archive)
Extracted files:
41
AV detection:
16 of 29 (55.17%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5eb81f54c6379536ea2ff56dbd0cf27926dc144a9e0ec6dbaa2dc37ca6da26f9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

ace 5eb81f54c6379536ea2ff56dbd0cf27926dc144a9e0ec6dbaa2dc37ca6da26f9

(this sample)

FormBook

Executable exe cfd29866a9e618985b15c779e0ac0ad8e09a9e997774c0d2fe18f00f8110a24a

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 cfd29866a9e618985b15c779e0ac0ad8e09a9e997774c0d2fe18f00f8110a24a

Comments