MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9529ab716a6b84cd807915b6d7b8153962fd90a803eb96bb5f3a98fac3193e4e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 9529ab716a6b84cd807915b6d7b8153962fd90a803eb96bb5f3a98fac3193e4e
SHA3-384 hash: 774ead231dc01cc3529356a9f7c49329b215db711605689eaf6a4724044ccf7f103122e31e73c6a25cbe37140afd4b37
SHA1 hash: 04f1118b8222707e4b5682b94c3b7a1dd23b3233
MD5 hash: 55d88e4bca527e14603d78f69a55f697
humanhash: cup-bluebird-illinois-pasta
File name: PO389732.zip
Signature: Formbook
File size: 267'180 bytes
First seen: 2020-06-30 05:22:02 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:QrmzOJQ+zHu6VMKNoGfHT4zDZ8LaMfXF9WzVYvg:guOJQ4XVZN34B8L1fPEj
TLSH: 0C44230FC234FF13A54FED763D78E5336861E1B5A6EA37345CA143BA4A1A560CC2622D
Reporter: @abuse_ch
Tags: FormBook zip


Twitter: @abuse_ch
Malspam distributing Formbook:

HELO: regular1.263xmail.com
Sending IP: 211.150.70.202
From: Leona <admin@yingshitech.com>
Subject: Re:new order
Attachment: PO389732.zip (contains "PO389732.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 36
Origin country: US

Mail intelligence
Geo location: Global
Volume: Low

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-30 05:23:04 UTC
AV detection: 23 of 48 (47.92%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 9529ab716a6b84cd807915b6d7b8153962fd90a803eb96bb5f3a98fac3193e4e (this sample)

Dropping: Formbook
Delivery method: Distributed via e-mail attachment
