MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3e82cb25670dd3d5df50f74cdf12c6166ac1ef789f0405048c97c3552728d88d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 3e82cb25670dd3d5df50f74cdf12c6166ac1ef789f0405048c97c3552728d88d
SHA3-384 hash: 8636c072d01b3aab6b0048abd9bf1ff3b18c6fcfeba67ccd18b00c3e4b3a53d11efa890078812868444b7aa7cfa8c0b0
SHA1 hash: b4ecefc4d1b2daaaeb2580dd56b2e966f0113db1
MD5 hash: 9a3776baf1ccbc92a6cae7e741ad2fa0
humanhash: emma-cold-oranges-sweet
File name: Total GP Employment Offer.zip
Signature: FormBook
File size: 277'871 bytes
First seen: 2020-06-14 10:35:57 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:dk4QI10n1Tr2yFw1OnBvXn5FBZ6NJ2WCssntZoKDksT:C+Ir2iw1OnBvXn3bhWOtZoHa
TLSH: 194423FC7718E87F77C131D0D7353A06213C9B0358BDCD95DAB45A697A1A80EA3AE908
Reporter: abuse_ch
Tags: FormBook zip


abuse_ch
Malspam distributing FormBook:

HELO: smtpauth.net4india.com
Sending IP: 202.71.131.66
From: Total GP HR Department<hr@totalgp.com>
Subject: Total GP Employment Offer
Attachment: Total GP Employment Offer.zip (contains "Total GP Employment Offer.exe")

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 64
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Backdoor.Crysan
Status: Malicious
First seen: 2020-06-14 10:37:06 UTC
AV detection: 17 of 48 (35.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: FormBook
Sample: zip 3e82cb25670dd3d5df50f74cdf12c6166ac1ef789f0405048c97c3552728d88d (this sample)
Dropping: FormBook
Delivery method: Distributed via e-mail attachment

Comments