MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0776101cb89d89ec7acfb8cca20d575bcfd07345cc3e3401ccdd171523f1c5c1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 0776101cb89d89ec7acfb8cca20d575bcfd07345cc3e3401ccdd171523f1c5c1
SHA3-384 hash: f645eb685983415a341e8c80388c4b9877ba5e560224020fe9c1cf2880e02633026356d83abc47f411cc72163f5096d4
SHA1 hash: 5f25de7131bc1a73b94f3ec7c28057db28fab9bc
MD5 hash: 254089952a8153a4dab5034c5969ab2b
humanhash: eleven-illinois-video-sierra
File name: OrderList.zip
Signature: FormBook
File size: 238'908 bytes
First seen: 2020-05-20 12:01:30 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:7Y/Wqb1/nVhpjY52KD1COEBJ31DApiVIwBrCJDGml4l:sOq/v4DsOEBJlF5dQl4l
TLSH: FB342323F5BBEF0C8ABBB8E27B165C53496CC40D0D4AD56B9265658FF0EF9228831056
Reporter: abuse_ch
Tags: FormBook zip


abuse_ch
Malspam distributing FormBook:

HELO: smtp.srnet.lv
Sending IP: 94.101.230.23
From: David Lorber <building@constructgroup.sk>
Subject: Purchase Request
Attachment: OrderList.zip (contains "OrderList.pif")

Intelligence


File Origin
# of uploads: 1
# of downloads: 82
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-20 12:30:13 UTC
File Type: Binary (Archive)
Extracted files: 8
AV detection: 19 of 48 (39.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 0776101cb89d89ec7acfb8cca20d575bcfd07345cc3e3401ccdd171523f1c5c1

(this sample)

  
Dropping: FormBook
Delivery method: Distributed via e-mail attachment
