MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1e000dc5b51b181fe54c745cdbdefc108b82e1a508a2dfb9784449d68e23f6e5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 1e000dc5b51b181fe54c745cdbdefc108b82e1a508a2dfb9784449d68e23f6e5
SHA3-384 hash: b5775b76289e2331dc3edb755d30e48b7fa0044978b03f53d24a7aa4eeea594d60c01ab1e9b2e598a3b7e13304cce596
SHA1 hash: eb2d1d219a0761a3e48d72b7f68708600c206844
MD5 hash: 8b181765be32aee0133933b2ac5ec658
humanhash: magazine-item-maine-butter
File name: Order NORM-761-0.zip
Signature: FormBook
File size: 241'798 bytes
First seen: 2020-05-20 08:56:59 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:LX5bfFGkh+d28RswHZ2vGB9d+vTTMTF8I4zFaDpM:xFJk28RLZJRG3eizzFaDS
TLSH: BF3423306A3AD2070C39397A43B11821D56B5C92271E4EEF1E00CD7C5AA87BB996EF17
Reporter: abuse_ch
Tags: FormBook, zip


abuse_ch
Malspam distributing FormBook:

HELO: lucky1.263xmail.com
Sending IP: 211.157.147.130
From: Munish Aggarwal <admin@yingshitech.com>
Subject: Purchase Order NORM-761-0
Attachment: Order NORM-761-0.zip (contains "Order NORM-761-0.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-20 09:40:31 UTC
File Type: Binary (Archive)
Extracted files: 8
AV detection: 20 of 48 (41.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 1e000dc5b51b181fe54c745cdbdefc108b82e1a508a2dfb9784449d68e23f6e5 (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
