MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8a224f6dfdbce751c787bcf574b19e7c20aefb34c9c5b32fd1446b964e550ddc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 8a224f6dfdbce751c787bcf574b19e7c20aefb34c9c5b32fd1446b964e550ddc
SHA3-384 hash: 84dc45f99782269a0159d0b03033fb868d9c5c46461abcc9bf9c2dfd2d57c1c5d4ac8576a2ac43883e2a4c2358ebee87
SHA1 hash: 9e53f5d98bd426f73d8a87430bd62060d8e4f437
MD5 hash: 0ab230bac14cb1a3c3a9df9dd5b4e436
humanhash: louisiana-cup-speaker-ohio
File name: Confirmation Copy 11.rar
Signature: FormBook
File size: 401'308 bytes
First seen: 2020-07-31 11:48:23 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:E9V7KwVpQ5jltf5Gd+urlim4F3p9l6AmG79+lE:E9V7j/Q5jBGcm4Vp90GCE
TLSH: A18423F4B4C2B9453A9D14FF092CA08F6ED06B174906AD81E85C4578D37A73E31A29DF
Reporter: @abuse_ch
Tags: FormBook, rar


Twitter
@abuse_ch
Malspam distributing FormBook:

HELO: itproserv.gr
Sending IP: 138.201.137.146
From: Giovanni <accounting@gadingcakrawala.com>
Reply-To: hopps@kiwibeachresorts.it
Subject: Re: Bookings
Attachment: Confirmation Copy 11.rar (contains "Confirmation Copy 11.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 37
Origin country: FR

Mail intelligence
Geo location: Global
Volume: Medium

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-31 11:50:10 UTC
AV detection: 16 of 48 (33.33%)
Threat level: 5/5

Threat name: Kryptik
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 8a224f6dfdbce751c787bcf574b19e7c20aefb34c9c5b32fd1446b964e550ddc

(this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
