MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a32eb45d58adc9019886bb3103c8b90b7fc9d8de514bfd3834dc6c626b14a6d1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a32eb45d58adc9019886bb3103c8b90b7fc9d8de514bfd3834dc6c626b14a6d1
SHA3-384 hash: dd80f9d9134f835ac79f28164145ba65577b960ae4f97736092084f0505913e010c0a64a652be629c1a5e8930fd663a0
SHA1 hash: 1f0d8547fd2a6b8a9d14e77a18d937b5681cd61d
MD5 hash: f8f6fdc48de6c798d3d7c876bf096892
humanhash: happy-victor-kansas-video
File name:PO_887800915332 pdf.exe
Download: download sample
Signature Formbook
Create hunting rule
File size:361'472 bytes
First seen:2020-04-30 09:58:29 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'600 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 6144:FxSvELcRz9Rzx0ZHa4J+RrPEgSU4V1BcfpHIcNUpV2b1zRnEWFxRzWqbOEQXKnUx:Fx4aKTIHJi4rBcfpeVSuW5WsQ5
Threatray 5'135 similar samples on MalwareBazaar
TLSH 2B74D022728B8807D9A408F04453660543B6EF9A6557FBDE6EC17AEE0BF37C17706293
Reporter abuse_ch
Tags:exe FormBook


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: cpanel2.daffodilvarsity.edu.bd
Sending IP: 203.190.11.3
From: shichao.zhang@senis.ch
Subject: PO_887800915332
Attachment: PO_887800915332 pdf.zip (contains "PO_887800915332 pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
95
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-30 10:40:02 UTC
File Type:
PE (.Net Exe)
Extracted files:
11
AV detection:
22 of 31 (70.97%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=umxlixkyvxeqdgegxmyqhsfzbn74twg6kff72obu3rwge2yuu3iq._file
Verdict:
malicious
Similar samples:
09c8b2cb43b6f29d1dd7c642178ab2d89357005f7928dfb6ff5bdddba7be2891
Formbook
286add28a79440668077a7d762ee81ee169f1c08daa27bc680dbf8c8832d2785
Formbook
47d0a3fd48775f1ebe0290c493c5f485581e766c1ee4e6d2c7f1dbc077645079
Formbook
48bef4e5d2768c5ccbbc84d922a276484ce75ed236a72441b5148d7a541a52e3
Formbook
7f6459ace4d6259e61c8170563af8a30f25568457902f4f717c8ad17574efab6
Formbook
82033c587c540fbcaec2ffdc139b837868711343f8a4e9ae61c306426028ace7
Formbook
8b9bbca00335521a8fa45d5abf271ccf0eac27d70e44140355f7af671c3dbe7e
Formbook
b39707482b00744db8fa4b03ab586f8e7fc5da0e80143f32b05ac0fa1e8f3e1c
Formbook
f38d170b1da421aa60e778a64fec953d3058336f7cb06568ba7926495fe87f0c
Formbook
f7111becb8c59613ae4843dd30281edfa7684a931100f18fe64f75364ed85bf3
Formbook
+ 5'125 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip cc87abd4516f5e42b29d13fead1c248f530b22dca907ba15858ab57c9337fc21

Formbook

Executable exe a32eb45d58adc9019886bb3103c8b90b7fc9d8de514bfd3834dc6c626b14a6d1

(this sample)

  
Dropped by
MD5 059b3f20faadaf867eaf73dac107a1a3
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 cc87abd4516f5e42b29d13fead1c248f530b22dca907ba15858ab57c9337fc21

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments