MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6d484397e9e3756569b411c995ea15aa523075f7b31172a956999ffe8c7c2d11. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 4



SHA256 hash: 6d484397e9e3756569b411c995ea15aa523075f7b31172a956999ffe8c7c2d11
SHA3-384 hash: a8f13ea6f8c2ee000d5c1495271c0009f1c0d46b142aeefb7e4a9980a15080346db21d0eb27715f75d5ef27785174feb
SHA1 hash: 64978e985af957bc383a7749202edbf410b226ed
MD5 hash: 0ec2b8a08087710a8f03291ff487f083
humanhash: venus-sierra-network-illinois
File name: INV-982982782766.IMG
Signature: Formbook
File size: 1'245'184 bytes
First seen: 2021-04-19 08:57:24 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 24576:tvntIe8kLBBeb6FZh2zXCUoGRvaNRRRRRN:ltIPkL2IZ4LCU3RaRRRRR
TLSH: 8B45F0295F844EDBD75E08BD44E2623553B7C556B283F7C8AF8620F90E8A700ADD8397
Reporter: cocaman
Tags: DHL FormBook img


cocaman
Malicious email (T1566.001)
From: "DHL Express <info.usa@era-contact.com>" (likely spoofed)
Received: "from mail9.hainan-mieda.com (bizcloud-inbox.hainan-mieda.com [139.59.0.209]) "
Date: "19 Apr 2021 01:17:34 -0700"
Subject: "DHL Shipment Notification / Delivery Documents"
Attachment: "INV-982982782766.IMG"

Intelligence


File Origin
# of uploads: 1
# of downloads: 100
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Formbook
img 6d484397e9e3756569b411c995ea15aa523075f7b31172a956999ffe8c7c2d11 (this sample)

Delivery method: Distributed via e-mail attachment
Dropping: Formbook
