MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e2c6cf655052d9ee3822be859e12d3ea70e1ef8120e4f53c0b407a200c92fb08. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: e2c6cf655052d9ee3822be859e12d3ea70e1ef8120e4f53c0b407a200c92fb08
SHA3-384 hash: de3cf6af91f11fc6ab6c99840305845a13d8a9e4991db691b272e23af4e715764fdf3c793296ab9dc3e8bdfd42f58c0c
SHA1 hash: 1db6fe5c3e94cfa4d5819ba0ed1ad925efa9de02
MD5 hash: 7945cab0e83eb975bfb52b3c6ebe7442
humanhash: robin-mountain-west-london
File name: Swift Payment copy_img.img
Signature: Formbook
File size: 1'245'184 bytes
First seen: 2020-05-20 06:58:45 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:eD5qUFfG5sWAI3N4WIDPZnCaUkq3P46/G:WqlsWf4nPBC9HPx
TLSH: 5245AD2412D9D22ADB9F46B5CC91550C27E598FA0CCAAF4DACD670EFE9A634FC80501F
Reporter: abuse_ch
Tags: FormBook img


abuse_ch
Malspam distributing Formbook:

HELO: msashipping.com
Sending IP: 50.116.1.181
From: Ester Swinkels <mktgtpr@msashipping.com>
Subject: TT advance payment
Attachment: Swift Payment copy_img.img (contains "Swift Payment copy_img.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-20 07:36:53 UTC
File Type: Binary (Archive)
AV detection: 17 of 48 (35.42%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

img e2c6cf655052d9ee3822be859e12d3ea70e1ef8120e4f53c0b407a200c92fb08 (this sample)

Dropping: Formbook
Delivery method: Distributed via e-mail attachment

Comments