MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b920aeffb70ebdefb2569502b81fce5ee648ec03a2b37388ca3599da7ffd0076. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b920aeffb70ebdefb2569502b81fce5ee648ec03a2b37388ca3599da7ffd0076
SHA3-384 hash: 4f9845b9f3c5eda9fae885373982a3b7c5b013c722163e0e574daccbf64b86863d023a3e17f904d82656da57f195ffc4
SHA1 hash: 89a3c950e99e99d145c5fc29bf99d3c4f0dd022c
MD5 hash: 4f3e288c6cc6e65b7e935c6791797ae5
humanhash: cat-fillet-papa-fix
File name:CMA-Inquiry DA39-RFQ-Urgent order-07820.rar
Download: download sample
Signature Formbook
Create hunting rule
File size:361'694 bytes
First seen:2020-07-09 06:41:31 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:aIzSkGtqDktxIEU81aiZ+IIFJadqBXaEhltutJt0B+rNXK8Ksm1cwHHJu7QebvI7:aqDkMW+IIFR9aEhbutJPZXzKRnH7ebvA
TLSH C374236691DBFADCE1857C46CF99962FB953DDD01E882BB02C00929980C6CF573E78D2
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: ngay7.localdomain
Sending IP: 45.127.62.195
From: APTACA SPA <exports@aptaca.com>
Subject: CMA-Inquiry DA//39-RFQ-Urgent order-07820
Attachment: CMA-Inquiry DA39-RFQ-Urgent order-07820.rar (contains "CMA-Inquiry DA39-RFQ-Urgent order-07820.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b920aeffb70ebdefb2569502b81fce5ee648ec03a2b37388ca3599da7ffd0076/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-09 06:43:06 UTC
AV detection:
18 of 48 (37.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xeqk575xb2667mswsublqh6ol3ter3adukzxhcgkgwm5u775ab3a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar b920aeffb70ebdefb2569502b81fce5ee648ec03a2b37388ca3599da7ffd0076

(this sample)

Formbook

Executable exe bb44a88339e83bc2ecbd06edef1acf6c54e66c4c4922005a67c27f970f717075

  
Dropping
MD5 7e8eedd86f24f4e63ed26ff677162e75
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 bb44a88339e83bc2ecbd06edef1acf6c54e66c4c4922005a67c27f970f717075

Comments