MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3150ac8f2015d8141e0fa6095932e29607193ecdf21e7f4ce18b2d1a24b9b4b5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3150ac8f2015d8141e0fa6095932e29607193ecdf21e7f4ce18b2d1a24b9b4b5
SHA3-384 hash: c6e0650f98efd07ff72c4a0a228dab626138372a236e5998ec9b58ff488cab0d90ace8f81f75880faa0264ff28ed2983
SHA1 hash: d111e169e8cbec67026b6677fe00c59cde366d48
MD5 hash: 666c199a34c574c2e008457a34099c19
humanhash: robin-october-delta-september
File name:Aquathai.zip
Download: download sample
Signature FormBook
Create hunting rule
File size:216'532 bytes
First seen:2020-07-13 06:26:00 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:ws6J4h78jwbbaFZ3cCUTrr8IVG3+Ai3AzzaWm1I:wstQAoMCUr8IVGD3F
TLSH 5A24235A6B1A79F2F1FA7FD79ECD94504BD3E845986E546D3D2ED0E0062308BF806C82
Reporter abuse_ch
Tags:Endurance FormBook zip


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: 162-241-214-229.unifiedlayer.com
Sending IP: 162.241.214.229
From: aqtcenter@aquathai.co.th
Reply-To: engineering@engineer.com
Subject: Aquathai Co. Ltd // Request For quotation //
Attachment: Aquathai.zip (contains "Aquathai.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.WUO.20539.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3150ac8f2015d8141e0fa6095932e29607193ecdf21e7f4ce18b2d1a24b9b4b5/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-13 06:27:05 UTC
AV detection:
21 of 48 (43.75%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gfikzdzacxmbihqpuyevsmxcsydrspwn6iph6thbrmwrujfzws2q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 3150ac8f2015d8141e0fa6095932e29607193ecdf21e7f4ce18b2d1a24b9b4b5

(this sample)

FormBook

Executable exe b45fb97506ddaaddd21207b75f9a877fd65fedc6324fc10a7d16381bdef232a1

  
Dropping
MD5 3a094dd4f2eb6544c5187e5c2f3d9608
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b45fb97506ddaaddd21207b75f9a877fd65fedc6324fc10a7d16381bdef232a1

Comments