MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a1ac71d605202ad4cbf21be5a3a3a1195c2caa6df1f4010fc67a0f4cd83ccbc3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a1ac71d605202ad4cbf21be5a3a3a1195c2caa6df1f4010fc67a0f4cd83ccbc3
SHA3-384 hash: d188a4c13e4fa296eaaa60ffee06741aab42ab21cfd9367ed4148ffffe3ab1c4f21927f56b6c310b3ff9c49560f55025
SHA1 hash: 8281b0e8557c08fd0d06c042a1f8a1c495d7cb4f
MD5 hash: efa7e458363f1ffe516a4707ce466903
humanhash: kilo-magazine-romeo-beer
File name:PO52961107.iso
Download: download sample
Signature FormBook
Create hunting rule
File size:1'150'976 bytes
First seen:2020-05-04 18:23:21 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 6144:W+NjprJlc0geFAdOeFA4pOFm4lDKX2zsf/FHsVovVEdV/3Caw:W8rJl1gzdOz4pOFDpPsf/FHsl3
TLSH 96354A32E280C425E4964EB3983ACD93593B7F583525A71F22EF73181EB33563769A0D
Reporter abuse_ch
Tags:FormBook iso


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: mail3.alwayson.net.bd
Sending IP: 117.58.240.118
From: ATLAS INC <jalil.woven@fakirapparels.com>
Reply-To: postmaster.fakirapparels.com
Subject: New Order From Atlas Supply Inc
Attachment: PO52961107.iso (contains "PO52961107.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.33776536.19697.29719.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-04 12:37:17 UTC
File Type:
Binary (Archive)
Extracted files:
9
AV detection:
11 of 31 (35.48%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ugwhdvqfeavnjs7sdps2hi5bdfoczktn6h2acd6gpihuzwb4zpbq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

iso a1ac71d605202ad4cbf21be5a3a3a1195c2caa6df1f4010fc67a0f4cd83ccbc3

(this sample)

FormBook

Executable exe 234bac494cfbfe7b41f3b4910dde4912b521e733fc30d0f83f34fca0f902ea29

  
Dropping
MD5 877e8ab4d4f6ee3a96df237f4a94f01a
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 234bac494cfbfe7b41f3b4910dde4912b521e733fc30d0f83f34fca0f902ea29

Comments