MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0645db9fe8ab0da561559bde1b140fc345875bd1da24c2bfd69e30b66396ad39. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0645db9fe8ab0da561559bde1b140fc345875bd1da24c2bfd69e30b66396ad39
SHA3-384 hash: 6aba1557665c6dc4bcffb930b71787245898760e801b44306892567f8e4c48b0edc39d6418a73cba1d374eafc4566b87
SHA1 hash: 89d7fe76b9a138982addcb01822f4572769ed2b8
MD5 hash: 47f5e09c3676aa48fb87015c3be3cf93
humanhash: vermont-potato-snake-pip
File name:Order List.arj
Download: download sample
Signature FormBook
Create hunting rule
File size:263'587 bytes
First seen:2020-05-11 12:54:41 UTC
Last seen:Never
File type: arj
MIME type:application/x-rar
ssdeep 6144:aUFHKhtpnWmDdLjqN5pEfMSqKO+R5Zn5tQIuHzTt5VOg:Hhrm5qNLEUsvZ2J5VOg
TLSH B34423BE79A3A19FE939B2225E07B1354D4A0C1D70EF5E2A8984F354C1BD533E834B91
Reporter abuse_ch
Tags:arj FormBook


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: diamondhillplywood.pw
Sending IP: 198.148.118.105
From: Gabriele Minisini <GMinisini@atomat.com>
Reply-To: Gabriele Minisini <nayyaares@gmail.com>
Subject: Order List 11/5
Attachment: Order List.arj (contains "Order List.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-11 05:14:04 UTC
File Type:
Binary (Archive)
Extracted files:
18
AV detection:
14 of 31 (45.16%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=azc5xh7ivmg2kykvtppbwfapyncyow6r3ismfp6wtyylmy4wvu4q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

arj 0645db9fe8ab0da561559bde1b140fc345875bd1da24c2bfd69e30b66396ad39

(this sample)

FormBook

Executable exe 59fd7c02b088d002266c00f7f97f083d578fa76be1a1981961d6f411817f3f25

  
Dropping
MD5 946c335467377b4feac2753a2b06b8c0
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 59fd7c02b088d002266c00f7f97f083d578fa76be1a1981961d6f411817f3f25

Comments