MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b2715106667f44b99319d0cbfbf909e0e5fa527189739f5c0938976a30b9d8b2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: b2715106667f44b99319d0cbfbf909e0e5fa527189739f5c0938976a30b9d8b2
SHA3-384 hash: 5fff9a9e2670aa2fd9a9464ae57b8ccca7eae50f1e35e62989e50a5d6cc9d3cd9a99c54838f0e82d569223196a0dc6be
SHA1 hash: e7f23485330e1e2df90589f1878e43f782b82efe
MD5 hash: 80300ce58c0f1845432ba9e95b6a742b
humanhash: kentucky-lion-angel-dakota
File name: Payment_Notification.pdf.pdf.IMG
Signature: Formbook
File size: 1'011'712 bytes
First seen: 2020-08-18 07:31:43 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:Ph7FXHag5vM3NwJB99iGEgT5xUsJEWPIV/C6sZ1EUE1mA4RvEAU:Pvag5vjiGEg9NJ8/ZsZqf1mFRM
TLSH: DD25D01C7562C429E2B82EB197D30A2C5E1A5ED87521600776FE5F9CBFB73C73A0A148
Reporter: abuse_ch
Tags: FormBook img


abuse_ch
Malspam distributing unidentified malware:

HELO: cp.execmail.net.za
Sending IP: 45.222.124.40
From: Melissa Roy <dirk@jrmackays.co.za>
Reply-To: badrodeenm@yahoo.com
Subject: Payment
Attachment: Payment_Notification.pdf.pdf.IMG (contains "Payment_Notification.pdf.pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 70
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-08-18 07:33:06 UTC
AV detection: 16 of 48 (33.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

img b2715106667f44b99319d0cbfbf909e0e5fa527189739f5c0938976a30b9d8b2 (this sample)

Delivery method: Distributed via e-mail attachment
