MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bc3b7f1af580c86302a0e14d9d4c78465d367d541a40b412b77b295192c63580. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: bc3b7f1af580c86302a0e14d9d4c78465d367d541a40b412b77b295192c63580
SHA3-384 hash: b474ad2c14443849e25ade21213c1a2eefd00156b2f825dd71df71d29d5f17df4c664423c22589c0a713ab85770150a1
SHA1 hash: 7f7e9cf879c4be6470ded658cfe231d884e01c26
MD5 hash: b79f17c71761cda547aa9f9714b939b3
humanhash: eighteen-triple-sad-golf
File name: RFQ-GIFI.zip
Signature: FormBook
File size: 244'514 bytes
First seen: 2020-05-19 06:06:32 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:vT/R8uzVHnGeimfIzR84x30qjE8F8WxVAP:vTLHnGei3zv3NbF8y0
TLSH: E3341364E5D90842582BE43823ED7F101030765A4FE8DE2E7F75BF288E9BDC66C27291
Reporter: abuse_ch
Tags: FormBook, zip


abuse_ch
Malspam distributing FormBook:

HELO: yisun.co
Sending IP: 111.90.159.196
From: Janson <janson@gifi.com>
Subject: RE:Quotation price
Attachment: RFQ-GIFI.zip (contains "RFQ-GIFI.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 75
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-19 02:33:21 UTC
File Type: Binary (Archive)
Extracted files: 8
AV detection: 24 of 31 (77.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip bc3b7f1af580c86302a0e14d9d4c78465d367d541a40b412b77b295192c63580 (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
