MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2bd3137ba447db9c1085add374876ea4a034d6fcfbe0108038ab04ad60614b76. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook

Vendor detections: 2

SHA256 hash: 2bd3137ba447db9c1085add374876ea4a034d6fcfbe0108038ab04ad60614b76
SHA3-384 hash: 35cc60a10806b2271b814ac27b8ede4e544398ff525c08070a9087de107c5945a0a35e37dd744b934a5f86d021ca1861
SHA1 hash: 391988339e24c44adced523cf9b8f047096b7efd
MD5 hash: 41ac3d6847c1e80bda7beb56e276cd34
humanhash: don-spring-double-apart
File name: RFQPO700125210.r15
Signature: FormBook
File size: 315'310 bytes
First seen: 2020-05-26 08:11:03 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:MVR/JTntL9dHzkfSWnVqSNeh9qpnv2vQp/Bnh/oTY3K:e/JTnB99kfSW0SNeh9qpnOvwJnhgj
TLSH: 356423726B89398F8634EC573B4D0BF57B2AD5412AC16DB024D8AC659F06B7F29DE003
Reporter: abuse_ch
Tags: FormBook r15


abuse_ch
Malspam distributing FormBook:

HELO: ip-143-95-1-123.iplocal
Sending IP: 65.75.147.183
From: Qatalum Services LLC <info@qatalum.com>
Subject: Qatalum RFQ PO700125210 Supply
Attachment: RFQPO700125210.r15 (contains "RFQPO700125210.bat")

Intelligence

File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-26 08:36:45 UTC
File Type: Binary (Archive)
Extracted files: 8
AV detection: 10 of 48 (20.83%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam: FormBook
rar 2bd3137ba447db9c1085add374876ea4a034d6fcfbe0108038ab04ad60614b76 (this sample)
Dropping: FormBook
Delivery method: Distributed via e-mail attachment

Comments