MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6269d5b5d95bdc4f669146bd7c567c2ca798188ef74f960eae0689955b662d20. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6269d5b5d95bdc4f669146bd7c567c2ca798188ef74f960eae0689955b662d20
SHA3-384 hash: 083561b981faf3cc47870b3edf4ebe24edd395a988d5607ce6c3090c09d8aa9fca9dbe37a0ba0238e01e986b1efe9cd3
SHA1 hash: 184f6b37e48d9be5011a76b3f0d8b1604558a9c1
MD5 hash: 55f5519453176fe2d3fd3da172717a94
humanhash: lion-lamp-michigan-mars
File name:10-12.zip
Download: download sample
Signature Formbook
Create hunting rule
File size:368'122 bytes
First seen:2020-10-12 08:41:51 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:BnyChxKKW7TxlYvVBnb7+aEVfp60hc0BkL4TfGmLJxELNQaCvCaTFg1LND:BnyoxKPTxur7+a2Tap5PCKaTFkhD
TLSH 3774235353D07134A0F9DAC059E66F2BC6C28A8B8734662DE8E4BA705C0C758B2F6D76
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: slot0.bur-ibserte.com
Sending IP: 45.95.169.122
From: SURYA SDN BHD <info@bur-ibserte.com>
Subject: BANK IN COPY
Attachment: 10-12.zip (contains "10-12.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
97
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6269d5b5d95bdc4f669146bd7c567c2ca798188ef74f960eae0689955b662d20/
Threat name:
Win32.Trojan.Zusy
Create hunting rule
Status:
Malicious
First seen:
2020-10-12 08:01:10 UTC
AV detection:
8 of 48 (16.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mju5lnozlpoe6zuri26xyvt4fstzqgeo65hzmdvoa2ezkw3gfuqa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/6269d5b5d95bdc4f669146bd7c567c2ca798188ef74f960eae0689955b662d20

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 6269d5b5d95bdc4f669146bd7c567c2ca798188ef74f960eae0689955b662d20

(this sample)

Formbook

Executable exe 0982a348bad7e99222ac6ec6c6dc2c113eb8adff8785bd1f371c5bc90b0025b3

  
Dropping
MD5 6a1894985e8298e12f7eeb2b11ba900c
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0982a348bad7e99222ac6ec6c6dc2c113eb8adff8785bd1f371c5bc90b0025b3

Comments