MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ceaad5c89e3c892eb1dc67ed493b2146bedc77f96ee7690504390a4fe88b30e7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ceaad5c89e3c892eb1dc67ed493b2146bedc77f96ee7690504390a4fe88b30e7
SHA3-384 hash: ad725e69e60fa73bcc15da36ac39e4b0b59872cb10dba5a5175f4df9d5c8c755e4e15e2f47aff5b22eb2e96de31e0487
SHA1 hash: 400244a40a7759ad930e1490daa09994bb70ffcc
MD5 hash: 5a623767a8a129f153cbf2799c2547a5
humanhash: london-west-arkansas-social
File name:purchase order.sfx.zip
Download: download sample
Signature Formbook
Create hunting rule
File size:609'644 bytes
First seen:2020-11-26 06:38:58 UTC
Last seen:2020-11-27 08:21:40 UTC
File type: zip
MIME type:application/zip
ssdeep 12288:D/XCZiqfCN2hJYzFKy3JFE6H2IlyqrcjNXjj6Ckfjeg2hZ:LSjozFKy3JFE+ZlyTVjjIfjeg23
TLSH BAD4233D26D51DBDC2241E73699F2FECC4E9B635632B68C8F8698F9259413342F52813
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: idsolutionsindia.com
Sending IP: 92.118.190.190
From: olivia<info@idsolutionsindia.com>
Subject: PURCHASE ORDER39873
Attachment: purchase order.sfx.zip (contains "purchase order.exe")

Intelligence

File Origin
# of uploads :
6
# of downloads :
135
Origin country :
n/a
Vendor Threat Intelligence
Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ceaad5c89e3c892eb1dc67ed493b2146bedc77f96ee7690504390a4fe88b30e7/
Threat name:
ByteCode-MSIL.Ransomware.TeslaCrypt
Create hunting rule
Status:
Malicious
First seen:
2020-11-26 06:39:05 UTC
File Type:
Binary (Archive)
Extracted files:
16
AV detection:
21 of 28 (75.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=z2vnlse6hses5mo4m7wusozbi27ny57zn3twsbiehefe72elgdtq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip ceaad5c89e3c892eb1dc67ed493b2146bedc77f96ee7690504390a4fe88b30e7

(this sample)

Formbook

Executable exe 009d9a0f6fafa91b750271413fef5771a4ce5855a59c0e6c16c85eb7de08e52b

  
Dropping
MD5 975187a07455d3cbf38ec878d893b490
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 009d9a0f6fafa91b750271413fef5771a4ce5855a59c0e6c16c85eb7de08e52b

Comments