MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e84aae0b59eff4eca6151b51f9da47459ca6812fb37e605241ddf616573d683d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: e84aae0b59eff4eca6151b51f9da47459ca6812fb37e605241ddf616573d683d
SHA3-384 hash: e5a6a0b65cec2e206b9742b14a45e8058911f7614fe6ccfb5fc2d0444c5cffd1a21a8c36b7dd3da4688cf8a581f0ef9d
SHA1 hash: b361ec0e67019397822e8a0ce6b77d124b43d42a
MD5 hash: 6486dfcdaaebc052a095ca9f3ebd3990
humanhash: oven-table-johnny-fifteen
File name: Csepel Metall Iron Foundry Ltd - Quotation.zip
Signature: Formbook
File size: 595'542 bytes
First seen: 2020-10-27 10:11:28 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:oezNeb6XzWyArnCuzuFWxKRWbTOMyUiAUJ0y:ooc6XzkrnCIuF4KRYhpiAUJR
TLSH: 59C423E147026093E961D8FCC9CF72B17EF2E406651844DAC8E6975AAFFC12762C2DD2
Reporter: abuse_ch
Tags: FormBook Hostwinds zip


abuse_ch
Malspam distributing Formbook:

HELO: client-108-174-203-66.hostwindsdns.com
Sending IP: 108.174.203.66
From: laszlo.erseki@csepelmetall.hu
Reply-To: engineering@engineer.com
Subject: Csepel Metall Iron Foundry Ltd
Attachment: Csepel Metall Iron Foundry Ltd - Quotation.zip (contains "Csepel Metall Iron Foundry Ltd - Quotation.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 106
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2020-10-27 06:52:12 UTC
AV detection: 4 of 48 (8.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip e84aae0b59eff4eca6151b51f9da47459ca6812fb37e605241ddf616573d683d

(this sample)

  
Dropping: Formbook
Delivery method: Distributed via e-mail attachment
