MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5b15b1fd3bf2eef911358d7125b5120eb716dcd75af883cd133dc0e346988c85. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 4



SHA256 hash: 5b15b1fd3bf2eef911358d7125b5120eb716dcd75af883cd133dc0e346988c85
SHA3-384 hash: e0f06851f6583447ebcbf3b1bedae98626f5223cfc165e87034990b849926290fce4c638fc150a07a9c62367bc4d3f91
SHA1 hash: cc271db98fc74f0cf3ee8508b3b546522876cdc5
MD5 hash: 2e9388fa93aa73819d8fc600611cc73c
humanhash: tennis-glucose-fish-ten
File name: PO_May.exe
Signature: FormBook
File size: 957'328 bytes
First seen: 2020-05-02 17:08:23 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f00d8dcb202a28bfc47f99ef51cb4107 (3 x FormBook)
ssdeep: 12288:4YOUBBN/eZZe7M138vlLtfTpOOPBebQubsRPuUcsl6k4/yypwD6FoEwc:r58ZCM138v9rTJebvb55xk2pwD6FoEwc
Threatray: 5'293 similar samples on MalwareBazaar
TLSH: AA159FC5F14888DBE93B19B3983BA63050467DED90F1811E729E772955B338210BFE6E
Reporter: abuse_ch
Tags: exe FormBook

Code Signing Certificate

Organisation: VeriSign Time Stamping Services Signer - G2
Issuer: VeriSign Time Stamping Services CA
Algorithm: sha1WithRSAEncryption
Valid from: Jun 15 00:00:00 2007 GMT
Valid to: Jun 14 23:59:59 2012 GMT
Serial number: 3825D7FAF861AF9EF490E726B5D65AD5
Intelligence: 44 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm: SHA256
Thumbprint: 8815DFF787F21FA8106760CB89C5B4493F4BD45E2CE801D2A4FE1F61DEE0C039
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform


abuse_ch
Malspam distributing FormBook:

HELO: cathay-food.co
Sending IP: 111.90.140.123
From: Kelvin <info@sprengelmeijer.nl>
Reply-To: piusequip20@protonmail.com
Subject: FW: we need supplies urgently
Attachment: PO_May.zip (contains "PO_May.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 95
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-02 17:35:25 UTC
File Type: PE (Exe)
Extracted files: 15
AV detection: 26 of 31 (83.87%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

Executable exe 5b15b1fd3bf2eef911358d7125b5120eb716dcd75af883cd133dc0e346988c85 (this sample)

Delivery method: Distributed via e-mail attachment

Comments