MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0a40b8b17a339d10e600934f6960ab75b419ec7e013c0d6b5b9e245c70dff170. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 0a40b8b17a339d10e600934f6960ab75b419ec7e013c0d6b5b9e245c70dff170
SHA3-384 hash: 847afd2389430fcdd6dcafe9f786fa322c8f3c6fd0d32234fa8a9e2c139e935d12c5c323aa4bc38d0bfa835d9a5d7f26
SHA1 hash: b97bbef21e73895131560d28d52412e476387fcc
MD5 hash: 7f1907bf60230960d1e5e87a8dd0b55e
humanhash: may-victor-indigo-moon
File name: RFQ-Cona Import2020112.rar
Signature: FormBook
File size: 318'815 bytes
First seen: 2020-06-29 06:20:59 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:DS4oIl3sDlTqs3OrwEdSr1bhosv3WyFuOuHdHe1IvKqPlSgrtX:2p8cDlus+rbSZbqGM+qvGgt
TLSH: E36423E95CC404EC2926D94D0CD2FFA81F0B979919E59CBCC1968FFDAF6E84087D9424
Reporter: abuse_ch
Tags: FormBook, rar


abuse_ch
Malspam distributing FormBook:

HELO: mailer.digitalterra.life
Sending IP: 142.202.188.254
From: Cona Import <varitron@ms15.hinet.net>
Reply-To: david@kelichna.com
Subject: RE:RFQ-Cona Import2020112
Attachment: RFQ-Cona Import2020112.rar (contains "RFQ-Cona Import2020112.exe")

Intelligence


File Origin

# of uploads: 1
# of downloads: 65
Origin country: n/a

Vendor Threat Intelligence

Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-29 06:22:06 UTC
AV detection: 17 of 31 (54.84%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 0a40b8b17a339d10e600934f6960ab75b419ec7e013c0d6b5b9e245c70dff170 (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
