MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ece024ccd4accbc99e106f03c4b4764765b37615e3caa0b021084ac5f689cc3e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: ece024ccd4accbc99e106f03c4b4764765b37615e3caa0b021084ac5f689cc3e
SHA3-384 hash: 5f786424bcf6a63fdb5de6276b0ddefa80f705446d51a677217634852462a15e1fdcc5c24a61441e9f5411ceb222b31d
SHA1 hash: 1c487bae47d8f81ab5b2f851ace41b3520e0e77e
MD5 hash: e4df03f1fc29eb4fc32a0801b26ce6ed
humanhash: north-oklahoma-mirror-comet
File name: 2nd PO389733.exe
Signature: FormBook
File size: 359'936 bytes
First seen: 2020-06-30 13:32:31 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 6144:IlcRkLx5GlHfiV7fZKB6zYF13oWzp+JCq+lqFfdyxgXtQ/PHa/izoTs:AcRkd5Gl/47fZwWEOOp+JrwqBdyYtQ/x
TLSH: 5A74D038321F6933CE6801F64583A60413B85DA53492F3D6EDCE30D916F6BEE9701A6B
Reporter: @abuse_ch
Tags: exe FormBook

Malspam distributing FormBook:

Sending IP:
From: Leona <>
Subject: Re:Urgent Order
Attachment: (contains "2nd PO389733.exe")

Mail intelligence

Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 42
Origin country: US
CAPE Sandbox Detection: n/a
CERT.PL MWDB Detection: formbook
ReversingLabs:
  Status: Malicious
  Threat name: ByteCode-MSIL.Trojan.Kryptik
  First seen: 2020-06-30 13:34:07 UTC
  AV detection: 22 of 31 (70.97%)
  Threat level: 5/5
Spamhaus Hash Blocklist: Malicious file
Hatching Triage:
  Score: 7/10
  Malware Family: n/a
VirusTotal results: 30.56%

Yara Signatures

Rule name: Formbook
Author: JPCERT/CC Incident Response Group
Description: detect Formbook in memory
Reference: internal research

Rule name: win_formbook_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: autogenerated rule brought to you by yara-signator

Rule name: win_formbook_g0
Author: Slavo Greminger, SWITCH-CERT

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Executable exe ece024ccd4accbc99e106f03c4b4764765b37615e3caa0b021084ac5f689cc3e (this sample)
Delivery method: Distributed via e-mail attachment