MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 21b69159a1e836a6abc0d401c36f36345935d27ebe642d8e85be35672b254328. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: 21b69159a1e836a6abc0d401c36f36345935d27ebe642d8e85be35672b254328
SHA3-384 hash: 61e0cd3d3e122570a8927d354b057da81cbccf8394da34c266ce5d9d4493959dbf4040989249f1113db2056e3ef3f9a8
SHA1 hash: 23a8852ef3720eb015251b4973979b075c3ba6c7
MD5 hash: 3f975d394399451a774011f1cd121741
humanhash: massachusetts-bacon-river-aspen
File name: New Order.rar
Signature: Formbook
File size: 293'420 bytes
First seen: 2020-05-13 10:17:07 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:Uh4JR8Jlz0ygYcz4LGfAvbNAKxQZJ+4iOiorbfQ3QasuMN46hJFQ:3JR8Jlz0WWYbe/ZJAL3QawbG
TLSH: 785423C0CE74A78C02C29CC8B798B7AF8C26565BEDF658D533455C0D43D66B2877C9A2
Reporter: abuse_ch
Tags: FormBook rar


abuse_ch
Malspam distributing Formbook:

HELO: mail0.61.menxtinuon.casa
Sending IP: 161.35.65.177
From: Peggy Yim<jaico@jaico.co.kr>
Subject: Re:URGENT - PO# AO-200402
Attachment: New Order.rar (contains "New Order.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 85
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-14 03:58:04 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 18 of 31 (58.06%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar 21b69159a1e836a6abc0d401c36f36345935d27ebe642d8e85be35672b254328 (this sample)

Dropping: Formbook
Delivery method: Distributed via e-mail attachment

Comments