MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0eaa411d40028430e9194525daa73fac9c05010a32708147bb45b8bbd8455d5d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 0eaa411d40028430e9194525daa73fac9c05010a32708147bb45b8bbd8455d5d
SHA3-384 hash: c7de9ea9ad55a0619040aa871d090bae2e6d87946b989973239d095af7611edc2e29b20269776a28924d7749b9582711
SHA1 hash: df645bc5462e7cbb4b7a8ac2784f523f8d9ec12b
MD5 hash: 850033b819979e56d3f0d802e378251e
humanhash: autumn-low-black-hydrogen
File name: Inquiry.exe.zip
Signature: FormBook
File size: 324'914 bytes
First seen: 2020-06-10 07:35:11 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:E2G5Rv1tmBsMJ45uDFrt4J0wA/Eg5uZuXRT9nUtMpnLcrqfm+48Gs:Er5h1tmBsMacD5tFPcyuZe+CpLcrqfma
TLSH: C564236FFD4DD91967AF3BCB4EEA4003C1E49A8A049C5C358D2390572CFEE6B6D48906
Reporter: abuse_ch
Tags: FormBook, zip


abuse_ch
Malspam distributing FormBook:

HELO: WIN-KP3NFSDUTC3
Sending IP: 172.93.161.29
From: Phạm Quý Hoàn(Gr)" <lina@ltfootwear.cn>
Reply-To: brianlee0147@yahoo.com
Subject: Attention needed as per Inquiry
Attachment: Inquiry.exe.zip (contains "Inquiry.exe.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 54
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-10 07:37:04 UTC
AV detection: 9 of 48 (18.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 0eaa411d40028430e9194525daa73fac9c05010a32708147bb45b8bbd8455d5d

(this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
