MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ffc15be0d4ef90d686ecd0a2f53b978bf5b7be00d41fd3300b3b02fbc41812b9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: ffc15be0d4ef90d686ecd0a2f53b978bf5b7be00d41fd3300b3b02fbc41812b9
SHA3-384 hash: f6d0df6669f1eaaa7785e8a504c1a71996c7625518726e7fe23f7ddb41efe473ec3b2ca5e71e6c2a78e4dbd010868df7
SHA1 hash: f1a185127b3a1c880ae6688e648744ffdc7244cd
MD5 hash: 7c4809b9322a02708dedb70ed2db76fc
humanhash: wisconsin-skylark-steak-sad
File name: ScanHP20.10.20.Pdf.jpg.img
Signature: Formbook
File size: 2'162'688 bytes
First seen: 2020-10-20 07:27:42 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 24576:R8q+UnQryEtFwMMKMEsDJU2WecwbxBMjhqJckVks0rxi6dLKUikgdY8SZPo4/Qf:nQGEtFwT3KYuFQ
TLSH: 8BA59398365071DFC85BCE728AA81C64EB6078BA831FD243A01725EDE95DA97CF141F3
Reporter: abuse_ch
Tags: FormBook img


abuse_ch
Malspam distributing Formbook:

HELO: rdns0.pesaaf.xyz
Sending IP: 138.68.238.17
From: MayBank2u <contact1@maybank.com>
Reply-To: commercial.rlavel@gmail.com
Subject: MayBank Corporate Internet Banking!
Attachment: ScanHP20.10.20.Pdf.jpg.img (contains "ScanHP20.10.20.scr")

Intelligence


File Origin
# of uploads: 1
# of downloads: 79
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Taskun
Status: Malicious
First seen: 2020-10-19 23:00:17 UTC
AV detection: 8 of 48 (16.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

img ffc15be0d4ef90d686ecd0a2f53b978bf5b7be00d41fd3300b3b02fbc41812b9 (this sample)

  
Dropping: Formbook
Delivery method: Distributed via e-mail attachment
