MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 69afd5a7f3e675cd53cbac316fba01e77db7139363e1ee916b5a740b3dea3ae9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook

Vendor detections: 3



SHA256 hash: 69afd5a7f3e675cd53cbac316fba01e77db7139363e1ee916b5a740b3dea3ae9
SHA3-384 hash: 76ee7f12996f68f637486ecf0e4aca02e2cc246a15412af68f5bc68ba1c47744bf15bb39bfd0bb630e54152508445895
SHA1 hash: 403c667e8efc4118a01719d0b159d334699aa1a9
MD5 hash: 698638db7a96e14eadcb84902738e496
humanhash: bluebird-early-quiet-florida
File name: PO _78574764 June 4-2020.zip
Signature: FormBook
File size: 327'619 bytes
First seen: 2020-06-04 17:39:40 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:zmLirOlcmqdINSl0RWf+TrF/4EU+MkqQUjrW9Uja57HTexzHT:zmLTlrN60QKrt4N+ncWZzyzz
TLSH: 056423E01518537468FA2A7AC130FAD2E1CDEC70C4DA18CA8965E7B95417824DFBAC9E
Reporter: abuse_ch
Tags: FormBook zip


abuse_ch
Malspam distributing FormBook:

HELO: gmail.com
Sending IP: 185.215.151.148
From: Sales Manager <hussainqamzi1981@gmail.com>
Reply-To: hussainqamzi1981@gmail.com
Subject: NEW ORDER
Attachment: PO _78574764 June 4-2020.zip (contains "PO #78574764 June 4-2020.exe")
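
The triage an analyst does with a listing like this one, as an added example that is not MalwareBazaar's or abuse.ch's code: confirm a downloaded copy against the four listed digests before touching it, enumerate the ZIP's members without extracting them so an executable carrying an invoice-style name (the "PO ... .exe" inside "PO ... .zip" the reporter quotes) is flagged up front, and check whether the HELO domain in the malspam headers is consistent with the connecting IP. The archive built in `build_constructed_zip()` is a constructed stand-in (an `MZ` header padded with zeros under the quoted member name), so its hashes will not match the listing; the `EXECUTABLE_SUFFIXES` list and the `claimed_networks` allowlist passed to `helo_mismatch()` are assumptions, and the allowlist in the usage block is an illustrative TEST-NET range rather than gmail.com's published SPF netblocks.

```python
"""Triage helpers for a sample listed on MalwareBazaar (added example)."""
import hashlib
import io
import ipaddress
import zipfile

# Reference digests copied from the listing above.
LISTING = {
    "sha256": "69afd5a7f3e675cd53cbac316fba01e77db7139363e1ee916b5a740b3dea3ae9",
    "sha3_384": "76ee7f12996f68f637486ecf0e4aca02e2cc246a15412af68f5bc68ba1c47744bf15bb39bfd0bb630e54152508445895",
    "sha1": "403c667e8efc4118a01719d0b159d334699aa1a9",
    "md5": "698638db7a96e14eadcb84902738e496",
}

# Assumption: a typical triage list of suffixes Windows runs on double-click.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                       ".js", ".jse", ".vbs", ".hta", ".ps1")


def compute_hashes(data: bytes) -> dict:
    """All four digests MalwareBazaar lists, as lowercase hex."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def verify_listing(data: bytes, listing: dict) -> dict:
    """Map each listed algorithm to whether our copy matches the entry."""
    ours = compute_hashes(data)
    return {algo: ours[algo] == ref.lower()
            for algo, ref in listing.items() if algo in ours}


def inspect_zip(data: bytes) -> list:
    """Enumerate members without extracting to disk.

    For each member: name, size, whether the name ends in an executable
    suffix, whether its first two bytes are the DOS/PE 'MZ' magic, and
    whether it is encrypted (general-purpose flag bit 0), which means the
    magic cannot be read without the password.
    """
    members = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            encrypted = bool(info.flag_bits & 0x1)
            magic = b"" if encrypted or info.is_dir() else zf.open(info).read(2)
            members.append({
                "name": info.filename,
                "size": info.file_size,
                "executable_suffix": info.filename.lower().endswith(EXECUTABLE_SUFFIXES),
                "mz_header": magic == b"MZ",
                "encrypted": encrypted,
            })
    return members


def helo_mismatch(helo: str, sending_ip: str, claimed_networks: dict) -> bool:
    """True when the HELO domain's known sending networks exclude the connecting IP.

    claimed_networks maps a domain to the CIDR blocks it legitimately sends
    from; in practice populate it from the domain's published SPF record.
    A domain with no entry returns False: nothing to compare against.
    """
    nets = claimed_networks.get(helo.lower())
    if not nets:
        return False
    ip = ipaddress.ip_address(sending_ip)
    return not any(ip in ipaddress.ip_network(n) for n in nets)


def build_constructed_zip() -> bytes:
    """Constructed stand-in for the attachment: a ZIP holding a fake PE stub.

    The member name is the one the reporter quotes; the body is an MZ
    header padded to 64 bytes, not FormBook.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("PO #78574764 June 4-2020.exe", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_constructed_zip()
    print("hash check against listing:", verify_listing(sample, LISTING))
    for member in inspect_zip(sample):
        print("member:", member)
    # Illustrative allowlist (assumption), not gmail.com's real SPF netblocks.
    print("HELO mismatch:", helo_mismatch("gmail.com", "185.215.151.148",
                                          {"gmail.com": ["203.0.113.0/24"]}))
```

Run against the real download, every value in `verify_listing()` should be True before the sample is handled further; a False on any algorithm means the bytes are not the entry described here. The member check deliberately reads only two bytes per entry and never writes to disk, and it reports an encrypted member separately rather than silently passing it, since a password-protected archive is itself a common way to get an executable past mail filtering.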

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-04 17:54:03 UTC
AV detection: 7 of 48 (14.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The information below shows additional details about this malware sample, such as its delivery method and its relationship to other samples.

Delivery method: Distributed via e-mail attachment

Malspam
  FormBook
    zip 69afd5a7f3e675cd53cbac316fba01e77db7139363e1ee916b5a740b3dea3ae9 (this sample)
      Dropping: FormBook
