MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 125de90eb3a08ed601f256d17f94fa2d937972ba3ef671c070ac8e1024448526. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 125de90eb3a08ed601f256d17f94fa2d937972ba3ef671c070ac8e1024448526
SHA3-384 hash: 78a5a84c9f45cb65b73158bad033dfea447afb4059dab63167e8bc8795b7df246b3f2c631d258fff191c1b1bf8b86e4c
SHA1 hash: 9fe06f8318a50ee1d9cc4c1d0f3552b4346425b3
MD5 hash: b2264f91f22b1de7c5d274dfee4cb472
humanhash: twenty-fix-hawaii-maine
File name:Factura de proforma.rar
Download: download sample
Signature FormBook
Create hunting rule
File size:270'510 bytes
First seen:2020-06-26 06:11:56 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:m2yF5SibAVubPym98WGtKzZXy3eHhKmeAb7vprTazXalvFuLLLBbV9:m2yF5JzbKo+K9THh0ojpHGQFu/LBbP
TLSH E8442250F12C56B505C66F6D038E81A5CA72A108A2ACDFFBE720DDC734F55C8CB69E89
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: fre.freespirittours.ge
Sending IP: 192.254.140.61
From: executive@freespirittours.net
Subject: Re : Factura de proforma
Attachment: Factura de proforma.rar (contains "Factura de proforma.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/125de90eb3a08ed601f256d17f94fa2d937972ba3ef671c070ac8e1024448526/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-26 06:13:04 UTC
AV detection:
22 of 48 (45.83%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=cjo6sdvtuchnmapsk3ix7fh2fwjxs4v2h33hdqdqvshbajcequta._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 125de90eb3a08ed601f256d17f94fa2d937972ba3ef671c070ac8e1024448526

(this sample)

FormBook

Executable exe 451760c99be8a959869ac8736b9550013fbb5c925763a8d707e6a05f3c652dd3

  
Dropping
MD5 484c495a42f4b0d4d59bb68916596061
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 451760c99be8a959869ac8736b9550013fbb5c925763a8d707e6a05f3c652dd3

Comments