MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9781ff1f4aeacc5204ecb2b552c2d8a818e91b8539bb842219a58a0ce46f12e6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9781ff1f4aeacc5204ecb2b552c2d8a818e91b8539bb842219a58a0ce46f12e6
SHA3-384 hash: 95049cb4f47a12840ac4e1de30bb529ddcb19016a411207eea568a5a74c773f66dc2092eae456bbf83a4b61e08daaebb
SHA1 hash: 1e24a3ea33829238576558639d2f1fd5a63d2b68
MD5 hash: ad8e8a1ef1a84e42c6fb6072cff3daf9
humanhash: six-avocado-football-finch
File name:PO_3741 STONIC.rar
Download: download sample
Signature FormBook
Create hunting rule
File size:276'662 bytes
First seen:2020-06-18 12:53:02 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:vUlDbtN5ryfggVULRv0o4cM/chC/LypZ7o8xRLl2LNTMEfwMLiR98QTeKT:gDb5OfzVU1v0ncM/X+jkeN6NTf3LJQTf
TLSH C7442344D31F838F19FA232A8894D653609139854E7BFB6815AFAD9EC33563A3C877D0
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: yuntong-batt.co
Sending IP: 111.90.141.203
From: Thani <Thani@yuntong-batt.co>
Subject: RE: RE: PURCHASE ORDER
Attachment: PO_3741 STONIC.rar (contains "PO_3741 STONIC.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-18 13:36:28 UTC
AV detection:
17 of 31 (54.84%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=s6a76h2k5lgfebhmwk2vfqwyvamosg4fhg5yiiqzuwfazzdpclta._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 9781ff1f4aeacc5204ecb2b552c2d8a818e91b8539bb842219a58a0ce46f12e6

(this sample)

FormBook

Executable exe 7f30518d5d377a5daabfdf24a509e35c46b04f951500fec7a78e84724c4cdbc4

  
Dropping
MD5 3374bece9b1b1861e44bc9b6fe8fdf10
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7f30518d5d377a5daabfdf24a509e35c46b04f951500fec7a78e84724c4cdbc4

Comments