MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 15e13a01b897d9f89744b04143e1d1f45e89dc54866039d83028825bebc64875. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 15e13a01b897d9f89744b04143e1d1f45e89dc54866039d83028825bebc64875
SHA3-384 hash: 300278bbda6be2462959b14985785b6f92596b95b6b696e5f51c63517269d53a483eab3def9c2e9c41f500db20b1e4ea
SHA1 hash: 516bf349f181f6404cc43f06066e3ad641b9b021
MD5 hash: 5a3259f65750f15c0acbf630fa18de78
humanhash: september-orange-hamper-speaker
File name:Purchase order from Arrow Electronics Components.rar
Download: download sample
Signature FormBook
Create hunting rule
File size:565'008 bytes
First seen:2020-06-15 13:24:54 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:OEuot6wjK2zwrHwWjkLS1OeaBV7kN/8IWKRSEuot6wjK2zwrHwWjkLS1OeaBV7kV:O3ot6w+2zwrHzkL9iNRWh3ot6w+2zwrl
TLSH 12C422AE33344E406F349D8A74F6105ADE60E3DE7FC5250F94AA251FB2E2051631AEF9
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing FormBook:

From: "Liu Jianguo" <liujianguo.singapore@arrow.com>
Reply-To: "Liu Jianguo" <liujianguo.singapore@arrow.com>
Subject: FW: REQUEST FOR QUOTATION - Arrow Electronics Components
Attachment: Purchase order from Arrow Electronics Components.rar (contains "Purchase order from Arrow Electronics Components.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-15 13:26:04 UTC
AV detection:
16 of 48 (33.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=cxqtuanys7m7rf2ewbauhyor6rpitxcuqzqdtwbqfcbfx26gjb2q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 15e13a01b897d9f89744b04143e1d1f45e89dc54866039d83028825bebc64875

(this sample)

FormBook

Executable exe 7a475538957191436090c02a6ad2daa2ea4e60aa82c11f514892d5541a3e79d8

  
Dropping
MD5 3b512f0fc4f57f6f4aec897c027e8bda
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7a475538957191436090c02a6ad2daa2ea4e60aa82c11f514892d5541a3e79d8

Comments