MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dc4846e68add90fbf85c273f8aafbd1cf06b15faba4b596bb5e471c094594b5d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 4



SHA256 hash: dc4846e68add90fbf85c273f8aafbd1cf06b15faba4b596bb5e471c094594b5d
SHA3-384 hash: 7ec590aa17d7d516c21687458ac7dbf76a8729b364b038f0238c7879a90d759d2179d1de293f65ce053a07e46b6642fd
SHA1 hash: 6917019889098cbae1d793412217c8b58f0f4d4d
MD5 hash: 5f0063208060a776e25b4f40e4b2d50b
humanhash: arizona-east-quiet-eight
File name: Purchase Order.ace
Signature: Formbook
File size: 733'490 bytes
First seen: 2021-03-09 15:44:05 UTC
Last seen: 2021-03-09 15:49:23 UTC
File type: ace
MIME type: application/octet-stream
ssdeep: 12288:40FhvP/xhNxdgkZPLOpTuEof06Ehkbwlu6VIB6NdKakqqxIsfMw3L8:bd/jNfdf0JRAqKaRJsfMwQ
TLSH: 80F43360A072B4DE8B452B9A7B457D25CAB7D36BA1F40CD4277D6898B7BCDB39C81080
Reporter: abuse_ch
Tags: ace FormBook


abuse_ch
Malspam distributing unidentified malware:

HELO: zbrinformatica.vservers.es
Sending IP: 188.164.198.33
From: Trillium Flow Technologies UK Limited <hopkinsons@trilliumflow.com>
Subject: PO765Y.
Attachment: Purchase Order.ace (contains "Purchase Order.exe")

Intelligence


File Origin
# of uploads: 4
# of downloads: 101
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2021-03-09 15:45:06 UTC
AV detection: 16 of 47 (34.04%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

ace dc4846e68add90fbf85c273f8aafbd1cf06b15faba4b596bb5e471c094594b5d

(this sample)

  
Delivery method: Distributed via e-mail attachment
