MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 887d43981d30c6d7a65e5b281434bf3796fee6f154ff4bd2ddabad64310d9c06. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: 887d43981d30c6d7a65e5b281434bf3796fee6f154ff4bd2ddabad64310d9c06
SHA3-384 hash: 8fb78ae4e40a32453b6f5ae31fc73397b01183ee29a0a0a2ee43ba297f620b7be347905fb599479468b37a5a71229e1e
SHA1 hash: 28325a77879688c1c1217d6210ba3cdd660d0227
MD5 hash: 962ce6ed6729ab481d57a8cfbf65d40c
humanhash: batman-cat-fourteen-bluebird
File name: RFQ 096300.zip
Signature: Formbook
File size: 294'979 bytes
First seen: 2020-07-13 06:59:19 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:SneM15TO1b470Tddou2vUgfBZMRbCjN6SDLqZkNje:SnO1OI00gfPMEjN6YL4Yje
TLSH: 2E542313A596665C7134852007B37BC4EF58D313A7BB4813207A763FB2D6A06B2D2EE7
Reporter: abuse_ch
Tags: FormBook zip


abuse_ch
Malspam distributing Formbook:

HELO: slot0.natanzsteal.com
Sending IP: 45.95.169.96
From: Bella Peng <bella.pen@lbau.com.au>
Subject: RFQ 096300 AU
Attachment: RFQ 096300.zip (contains "RFQ 096300.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 93
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-13 07:01:07 UTC
AV detection: 4 of 48 (8.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 887d43981d30c6d7a65e5b281434bf3796fee6f154ff4bd2ddabad64310d9c06 (this sample)
Dropping: Formbook
Delivery method: Distributed via e-mail attachment
