MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4c004822cd78deb55cf3ed841a087538288bb3ec95558ef0e2b5d644c98613b1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 2



SHA256 hash: 4c004822cd78deb55cf3ed841a087538288bb3ec95558ef0e2b5d644c98613b1
SHA3-384 hash: 34e8bb1b5dddbdc74c9786825b408b86a22c64a75b1bb68404eb23daf3c610bf6b0b10974437a794183109a382393ae2
SHA1 hash: 3f5d01ae44674d52190736fea15a574a3a174656
MD5 hash: 0a20f8f392937693b8b163fc958b7cbf
humanhash: wisconsin-network-fanta-cola
File name: Purchase Order.pdf.zip
Signature: FormBook
File size: 317'988 bytes
First seen: 2020-05-26 10:14:03 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 3072:SEB8jM/OU16ELswYUt+VnowwTZ2K6vOZD6JQU7NOYpiVJ199plfgVZQpwtUVnUDS:SECjM/JfLYVmaLQYUVPpBSmnCzda1
TLSH: 736423FA1C98B662F1D70B5A965FD8A62CFCAE21AC77B36766C7089E3401C3C191C5D0
Reporter: abuse_ch
Tags: FormBook, zip


abuse_ch
Malspam distributing FormBook:

HELO: Rakzan.com
Sending IP: 78.46.63.69
From: Rakzan Ortis(Gr) <sales@Rakzan.com>
Reply-To: samiraabadi047@gmail.com
Subject: Dear 200nianren Attention needed as per Order
Attachment: Purchase Order.pdf.zip (contains "Purchase Order.pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-26 12:52:55 UTC
File Type: Binary (Archive)
Extracted files: 8
AV detection: 26 of 48 (54.17%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 4c004822cd78deb55cf3ed841a087538288bb3ec95558ef0e2b5d644c98613b1

(this sample)

  
Dropping: FormBook
Delivery method: Distributed via e-mail attachment
