MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 73dcf46298af2945258463e21af4f462ec8b47d5e16e869513541c9257f50e5c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook

Vendor detections: 2

SHA256 hash: 73dcf46298af2945258463e21af4f462ec8b47d5e16e869513541c9257f50e5c
SHA3-384 hash: 4a46d83bb98778679ee7ca03739564585297e6b51306d6236c6a377a3d7caaeacb20153eb918c206eeeb4e6e81663d87
SHA1 hash: bd9407f0994d4904bb043dc8b71f795c39e0565d
MD5 hash: f18facf6f1e037c79a8dce2fb9a7d314
humanhash: illinois-hamper-jersey-echo
File name: Confirm.zip
Signature: FormBook
File size: 281'010 bytes
First seen: 2020-05-27 08:16:29 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:M2MaTdwuBFHFMCPjqghs4AarahPkpcc/bITqQLvVWu:hMaTFBFHFMCughhAaeh8Gwu
TLSH: 9C542386587183101E78D66FD24B3BD41A91838B6D5317CBA96862F374AF4E013C6FCA
Reporter: abuse_ch
Tags: FormBook zip


abuse_ch
Malspam distributing FormBook:

HELO: yisun.co
Sending IP: 111.90.159.196
From: Sudhakar <sudhakar@gmail.com>
Subject: Order Inquiry
Attachment: Confirm.zip (contains "Confirm.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-27 08:37:03 UTC
File Type: Binary (Archive)
Extracted files: 10
AV detection: 7 of 48 (14.58%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: FormBook, zip 73dcf46298af2945258463e21af4f462ec8b47d5e16e869513541c9257f50e5c (this sample)
Dropping: FormBook
Delivery method: Distributed via e-mail attachment

Comments