MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6d699385c0da925021fc87919054f2548b86907eb6baa20d74d8a5bdae927f79. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 2

SHA256 hash: 6d699385c0da925021fc87919054f2548b86907eb6baa20d74d8a5bdae927f79
SHA3-384 hash: b2a7e5098a5ae174154362c8aca2d14b39a0270098b74be44b1a6381de330c72a870f0444cfa70dfd01895cf19526020
SHA1 hash: 489b4e5816d0c69de637734c543b2094e29a7591
MD5 hash: 2af6d3e4c7abc37e2feaf225d22a9488
humanhash: skylark-oven-equal-missouri
File name: PURCHASE ORDER_PDF.ace
Signature: Formbook
File size: 469'358 bytes
First seen: 2020-12-21 06:32:43 UTC
Last seen: 2020-12-22 18:51:39 UTC
File type: ace
MIME type: application/octet-stream
ssdeep: 12288:eTsfAszXni+/vHF2npBcTRnSBAqiqSodS88FW9k4p6ueUaq:csfAsrni+lMBOUliqTdSx889q
TLSH: 61A423708040371FDC2E57E75546C79D2DFEEC7EB80B45268889C7BCCD9AA8B2886891
Reporter: cocaman
Tags: ace


cocaman
Malicious email (T1566.001)
From: ""Hussin (Emirates Tech)" <purchasedept@emiratestechnotrade.com>" (likely spoofed)
Received: "from postfix-inbound-0.inbound.mailchannels.net (inbound-egress-6.mailchannels.net [199.10.31.238]) "
Date: "Sun, 20 Dec 2020 12:49:59 -0800"
Subject: "WE NEED AN URGENT SUPPLY // Emirates Technotrade Group.//"
Attachment: "PURCHASE ORDER_PDF.ace"

Intelligence

File Origin
# of uploads: 3
# of downloads: 120
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Backdoor.Remcos
Status: Malicious
First seen: 2020-12-21 06:33:07 UTC
File Type: Binary (Archive)
Extracted files: 14
AV detection: 14 of 28 (50.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  Formbook
    ace 6d699385c0da925021fc87919054f2548b86907eb6baa20d74d8a5bdae927f79 (this sample)

Delivery method: Distributed via e-mail attachment

Comments