MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 31e5afd712e36d35ff0e9977d3edb495803dd95993b989cdc6f1d4c7ded0c242. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook

Vendor detections: 2

SHA256 hash: 31e5afd712e36d35ff0e9977d3edb495803dd95993b989cdc6f1d4c7ded0c242
SHA3-384 hash: 43045262d6550912ac7075927783b3638da12c0ecf873d6ac24f4814eb46b4cf79aca898b8174ca0d049fbdfcc821be8
SHA1 hash: f37a37f72732245269bdf9993a1d63311e2694c8
MD5 hash: bf22585210b40cafb6af27d69ddcd851
humanhash: angel-ack-georgia-oxygen
File name: Purchase Order.rar
Signature: FormBook
File size: 598'491 bytes
First seen: 2020-05-22 07:29:50 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:wgxafgMoJBQRfzxN1GQhpVer/42gxafgMoJBQRfzxN1GQhpVer/41:jxafgMyBInHBechxafgMyBInHBec1
TLSH: B9D4237C3FCA04F01D6266E882238B97EB0DC5E6AED43C085B577194E35566A5C0B3CB
Reporter: abuse_ch
Tags: FormBook rar


abuse_ch
Malspam distributing FormBook:

HELO: arod.greenwoodmails.com
Sending IP: 69.195.142.6
From: sales@greenwoodmails.com
Subject: Fw: Re: RFQ New Order
Attachment: Purchase Order.rar (contains "Our presentation.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-22 07:36:37 UTC
File Type: Binary (Archive)
Extracted files: 52
AV detection: 22 of 48 (45.83%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  FormBook
    rar 31e5afd712e36d35ff0e9977d3edb495803dd95993b989cdc6f1d4c7ded0c242 (this sample)
      Dropping: FormBook

Delivery method: Distributed via e-mail attachment
