MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8680f4eba4e791f98b82e63681cf54b615494da3813d25d58f9cbd3e9b7262e7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 8680f4eba4e791f98b82e63681cf54b615494da3813d25d58f9cbd3e9b7262e7
SHA3-384 hash: 5fb3b1c4827e1958d81b40e404fcf752673916387416540ae644968e2386c05273786f8d741f58d3a4d2dea8a493f76f
SHA1 hash: 263a43ec0bd54f0af0f7a90770b04828b13bb6c2
MD5 hash: c9b2ddcca7f20d899401181c3c2ed96b
humanhash: delta-lake-zebra-yankee
File name: DHL Shipment AWB 5214910007391.img
Signature: FormBook
File size: 1'245'184 bytes
First seen: 2020-05-07 06:48:16 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:h8+B/+JOF5soUUZGoX9EAjmFEKjt6FklfQ3FmLI6tMQkJh5haF5x:1+QF5scZDt5mFE7i4Ff6tGXTaJ
TLSH: F845220947805866CA64397B66FF13640263CF997494FB9FB7DFB28A03363A21415E8F
Reporter: abuse_ch
Tags: DHL FormBook img


abuse_ch
Malspam distributing FormBook:

HELO: k023.k023jp4238.info
Sending IP: 160.16.147.59
From: DHL Courier Service® <noreply@dhl.com>
Subject: DHL Shipment AWB: 5214910007391
Attachment: DHL Shipment AWB 5214910007391.img (contains "DHL Shipment AWB 5214910007391.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 82
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-08 03:41:55 UTC
File Type: Binary (Archive)
Extracted files: 5
AV detection: 12 of 31 (38.71%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

img 8680f4eba4e791f98b82e63681cf54b615494da3813d25d58f9cbd3e9b7262e7
(this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
