MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 81baf7457f6b785afef4af8845746a7ee0c2c2a9611884cb232c2e6b31e5e58d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 4



SHA256 hash: 81baf7457f6b785afef4af8845746a7ee0c2c2a9611884cb232c2e6b31e5e58d
SHA3-384 hash: 46d95aeeb80c65e59a8b063edd24490ab445ea118c3befc50497502edd6aa11dff27751101115a7597f9b8586bf64056
SHA1 hash: 584d4eb574bff4198825aff045524fa40bb2357f
MD5 hash: 8cdfe716f1f7545795e4f3f7853cac29
humanhash: salami-arizona-magazine-winner
File name: SUNIL200641877-1.img
Signature: Formbook
File size: 1'245'184 bytes
First seen: 2020-08-17 19:05:29 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 6144:mkEN9Jz44kdVNmMu5dTJQJsRHTQE6gAq76J/Wt91ds:axzgdqMu5FJaspTGt
TLSH: DB45E09E66C51913C938AA735262933C23F6430760A7DB25F8AF03937F53FE92A516C4
Reporter: abuse_ch
Tags: FormBook, img


abuse_ch
Malspam distributing unidentified malware:

HELO: wm4-150.speedhosting.co.kr
Sending IP: 111.92.189.150
From: 최배진 <bjchoi@sunil.co.kr>
Subject: Re: sunil group inquiry
Attachment: SUNIL200641877-1.img (contains "Quotation.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-08-17 19:07:06 UTC
AV detection: 8 of 48 (16.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

img 81baf7457f6b785afef4af8845746a7ee0c2c2a9611884cb232c2e6b31e5e58d (this sample)

Delivery method: Distributed via e-mail attachment
