MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4929bd167c2c1e84737695d407b548557c45d593bebc738bf51e6322dbf3417e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook

Vendor detections: 3

SHA256 hash: 4929bd167c2c1e84737695d407b548557c45d593bebc738bf51e6322dbf3417e
SHA3-384 hash: 742ed85d4f5f0d69e5c428243dca2a0376530f18310d2995a7dc7728f998dd5f27e51475b319776f91b8b560d95e70be
SHA1 hash: ff2cfce0af9df3ebf35be06dd31cdcd1e08c7454
MD5 hash: 6eb4127c3d0fd6b2ffceb296df341709
humanhash: alabama-venus-maryland-rugby
File name: sQKId7FoEtcj10T.rar
Signature: FormBook
File size: 300'136 bytes
First seen: 2020-07-03 06:43:35 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:SfwjJGlQ7Oh4JIidgVXJHJxOxZC6U+4VtZd5p0M6oUTW/RG:IaG42idixcXj45d56bPoRG
TLSH: 275423F9AA7335BA4F81A5326530AD4C7286CF60B63984D1819B1F9DA3126F064F1FB1
Reporter: abuse_ch
Tags: FormBook rar


abuse_ch
Malspam distributing FormBook:

HELO: 3sapparel.co.141.90.111.in-addr.arpa
Sending IP: 111.90.141.26
From: Lee Chuan Lian <cllee.Chuan@eagleshpmgmt.com>
Reply-To: patbonnantakui@gmail.com
Subject: Order 111093 JUNLANG
Attachment: sQKId7FoEtcj10T.rar (contains "sQKId7FoEtcj10T.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 75
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-03 06:45:09 UTC
AV detection: 8 of 48 (16.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: FormBook, rar 4929bd167c2c1e84737695d407b548557c45d593bebc738bf51e6322dbf3417e (this sample)
Dropping: FormBook
Delivery method: Distributed via e-mail attachment

Comments