MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a85629e8c723a5451d17b8eea3c49c261313ce4f2e81a475c8d225f429599ce8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 3



SHA256 hash: a85629e8c723a5451d17b8eea3c49c261313ce4f2e81a475c8d225f429599ce8
SHA3-384 hash: 4392eb704aff7aac3296dba2ebe5621b648b9b08979adde3acf803c348419b16de6f502f00efad2629312f2ae7eccd52
SHA1 hash: 0ce5d38e6de352ff682b5d7f1fbfa0b1f3a31883
MD5 hash: a46f01421eb9301306570fad459b1831
humanhash: eight-maine-zulu-south
File name: New Purchase Order 501,689.rar
Signature: Formbook
File size: 616'873 bytes
First seen: 2020-10-13 17:51:27 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:fXUfmjjH6tIUrY4ILuH0zXDa20hLzDg70VUAB2FcRQfV66d/8oaM7O89qj:sujGfH0zXDgZE4VWoAVnU+q89qj
TLSH: FED4237938D94CA2D6871CB524A0DE0527C035552ED872CCAAD12E42FB9E57C98DF24F
Reporter: abuse_ch
Tags: FormBook GMX rar


abuse_ch
Malspam distributing Formbook:

HELO: mout-xforward.gmx.com
Sending IP: 82.165.159.131
From: Vincent Ye <vincent.ye.narmah@mail.com>
Subject: Re: Purchase Order Details
Attachment: New Purchase Order 501,689.rar (contains "New Purchase Order 501,689$.exe")

Intelligence


File Origin

# of uploads: 1
# of downloads: 126
Origin country: n/a

Vendor Threat Intelligence

Threat name: ByteCode-MSIL.Infostealer.Stelega
Status: Malicious
First seen: 2020-10-13 16:01:52 UTC
AV detection: 15 of 29 (51.72%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
Formbook
rar a85629e8c723a5451d17b8eea3c49c261313ce4f2e81a475c8d225f429599ce8 (this sample)
Dropping: Formbook
Delivery method: Distributed via e-mail attachment
