MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2e537083c299cacd7475bcca322a31b291bd7ca9f3c703b31622d0950ab2f05d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2e537083c299cacd7475bcca322a31b291bd7ca9f3c703b31622d0950ab2f05d
SHA3-384 hash: da7ad026850512ac120838b53c6d9e6a02732fea52524805ac8ab3c5e1a2989f2fccf0079efb0cb984f4674df9ab0314
SHA1 hash: 8c968b901efa9349e83edc0856456981d5e8db45
MD5 hash: 96c3060a0d607b4429d1818cfbcb8010
humanhash: spring-vermont-louisiana-indigo
File name:Payment_details.rar
Download: download sample
Signature FormBook
Create hunting rule
File size:313'447 bytes
First seen:2020-06-10 07:37:16 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:cavv4amN44MovVo9D6RDrSyXN+IWRRWAuOhWaWsBlwkXFff3RhJcG9gx1gUNwvXy:5QX4JovoD6RD/XNWRRWAGavBikXJfBhA
TLSH 8D6423A2ED066BA1AF6456DE73A42EA643D13D0C51702359E4EF70FCA9452BF0C26FD0
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: host34.axxesslocal.co.za
Sending IP: 154.0.167.222
From: applications@frontierguns.co.za
Subject: Re: Confirm account
Attachment: Payment_details.rar (contains "Bank_details.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 07:39:08 UTC
AV detection:
18 of 31 (58.06%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fzjxba6cthfm25dvxtfdekrrwki327fj6pdqhmywelijkcvs6boq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 2e537083c299cacd7475bcca322a31b291bd7ca9f3c703b31622d0950ab2f05d

(this sample)

FormBook

Executable exe bf04f6a3d759b9ce48f004cc8667d1b30b97451bcef767932fa6cbdd96ce87e9

  
Dropping
MD5 80b38cb0e58c4ddc697c982b384f4ecb
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 bf04f6a3d759b9ce48f004cc8667d1b30b97451bcef767932fa6cbdd96ce87e9

Comments