MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 26d40d45d2ec92fe4d33c498bb21bd2cce478f2392ee04321fadccf83b535f85. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 26d40d45d2ec92fe4d33c498bb21bd2cce478f2392ee04321fadccf83b535f85
SHA3-384 hash: 951d938504111421d110a7414a31c43f94a5fae29544a08552309546d71a8f00196eb6c6ee27f15a8ca8002ada4650e5
SHA1 hash: e8b861d7f35493a20f35d70cdc2e58bae16ed682
MD5 hash: 28df3be8b8459f9485f76d7bbede4881
humanhash: uranus-cold-kansas-don
File name: Payment Copy.zip
Signature: FormBook
File size: 294'129 bytes
First seen: 2020-07-01 16:07:00 UTC
Last seen: 2020-07-02 05:02:13 UTC
File type: zip
MIME type: application/zip
ssdeep: 6144:nWTMCoUsuQisWf2v1sjVI/7cO8KAy73uFFiD/:nWnoLLiD2vae7cOiy7ciD/
TLSH: 2554235EEB49C6B6B7F63373A4AE400E387BBDF8650995C7A3349116B26D33C4984C24
Reporter: abuse_ch
Tags: FormBook zip


abuse_ch
Malspam distributing FormBook:

HELO: seo.seoera.net
Sending IP: 192.254.138.161
From: Marzia Seletti <marzia.seletti@arix.it>
Subject: Payment Copy (Swift copy)
Attachment: Payment Copy.zip (contains "Payment Copy.exe")

Intelligence


File Origin
# of uploads: 2
# of downloads: 76
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-01 16:08:04 UTC
AV detection: 8 of 48 (16.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 26d40d45d2ec92fe4d33c498bb21bd2cce478f2392ee04321fadccf83b535f85

(this sample)

  
Dropping: FormBook
Delivery method: Distributed via e-mail attachment

Comments