MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 91a980fc10574636b2b64a85a04ec1500079b18e7e83ad7b32e0d024ae8ea358. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 91a980fc10574636b2b64a85a04ec1500079b18e7e83ad7b32e0d024ae8ea358
SHA3-384 hash: 8c346f5e6460890787e3019e7b687f44ce3c7bc29f1cf8d4146cc7d9e03f42e810821c4c8b091c452a77ef4c50c80624
SHA1 hash: b93226414f338a42ba7d2bd53f7f27333fd82975
MD5 hash: 7a7d558a7c6556240d6c4fff446f9852
humanhash: kitten-purple-july-yellow
File name: Remittance.arj
Signature: FormBook
File size: 426'819 bytes
First seen: 2020-07-07 09:36:35 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 12288:eZNs9xK0DzL1eLprmsGjaIZB8X2vEkrDJPJQldZik:eZox9SMF/JjrDJPJQldZik
TLSH: 6F9423FBC51BF5D6031DFA65887BE7B997052DEA904AA7E5840538E2E77353348D0023
Reporter: abuse_ch
Tags: arj, FormBook


abuse_ch
Malspam distributing FormBook:

HELO: upchangecommbest.live
Sending IP: 117.50.105.169
From: Jason Watkin<sales@upchangecommbest.live>
Subject: Remittance slip
Attachment: Remittance.arj (contains "00707808880.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-06 11:27:54 UTC
AV detection: 15 of 26 (57.69%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

arj 91a980fc10574636b2b64a85a04ec1500079b18e7e83ad7b32e0d024ae8ea358 (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
