MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c2e09280fcb0e2c0bf2c65f6e2f2656a40fb09ca969d43b80f4d27d152cbb57. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 5c2e09280fcb0e2c0bf2c65f6e2f2656a40fb09ca969d43b80f4d27d152cbb57
SHA3-384 hash: abde85f0957303d32163780e42b399f3d4244a18303784e2da6a044a3b5c2f0681cc6dbe4e228d5f9bf33762f760a46c
SHA1 hash: e7232b7eb15fc5ab46341b62718bf66ec1791a0a
MD5 hash: 2876e67e5be1c3482f8cdbeaaf2ba358
humanhash: quebec-fruit-oscar-autumn
File name: RFQ.IMG
Signature: FormBook
File size: 1'245'184 bytes
First seen: 2020-06-18 06:22:30 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 6144:2cSc6eTRI+hfV4LqQ74hXBSFT38Cjma4yKyP6OEo+A6Yae9:2nc6eTRTaqugWT7jBzKyPBEo+A6Y
TLSH: 4345E1067798C716C5750B7AC4E6550003B8EA263B22E72A3BCD32AD1B633D35A4778F
Reporter: abuse_ch
Tags: FormBook, img


abuse_ch
Malspam distributing FormBook:

HELO: vitasiz.xyz
Sending IP: 192.227.72.31
From: Han-Su  Park <terry@vitasiz.xyz>
Subject: RFQ-견적 문의 요청
Attachment: RFQ.IMG (contains "RFQ.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 73
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-18 04:35:49 UTC
AV detection: 16 of 30 (53.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

img 5c2e09280fcb0e2c0bf2c65f6e2f2656a40fb09ca969d43b80f4d27d152cbb57

(this sample)

  
Dropping: FormBook
Delivery method: Distributed via e-mail attachment
