MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bcf951a2c7bc31a37486577ae1fc83f97bc1daf987d5a35e9302eb31f5a5ebf0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: bcf951a2c7bc31a37486577ae1fc83f97bc1daf987d5a35e9302eb31f5a5ebf0
SHA3-384 hash: d061c801b8dd25e8d16346f390dc8274e650bbc5db2b306ea13297df2868dd94016032cb14d36f0a7da11a16ffe3f849
SHA1 hash: be584653e032bd30328b6dbc5e7a502bde7f8342
MD5 hash: 15841911ca4112d3e662c04db3517145
humanhash: hotel-red-early-ack
File name: Shipment Document BL,INV and Packing list Attached.exe
Signature: Formbook
File size: 312,320 bytes
First seen: 2020-06-30 05:42:52 UTC
Last seen: 2020-06-30 11:34:32 UTC
File type: Executable (exe)
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 6144:Iq7U+f5FmWKP/kLxWYHW13BR1tb1ef3wA7HZxXPsB/6Bq:Iq7U+3o2BHW1x1b0f9HZ9EyBq
TLSH: 5264013673A5DB7AC5BA97B510B044100FB3BA2B6160D25E6D90B8DE1CB3B509B31F27
Reporter: @jarumlus
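Before analysing a sample pulled from MalwareBazaar (served as a password-protected ZIP), a practitioner should confirm that the extracted file is the one the record describes. The script below is an added example and not MalwareBazaar's own code: it recomputes the four hashes the record lists with Python's standard library, checks the recorded size and the "MZ" magic implied by the application/x-dosexec MIME type, and reports each check separately so a truncated download or an unextracted archive is caught before the file is run in a sandbox. The RECORD values are copied from this page; verify_file() and is_catalogued_sample() are names chosen here, and the bytes hashed in the __main__ block are constructed, not the real sample. imphash, ssdeep and TLSH need third-party libraries (pefile, ssdeep, py-tlsh) and are left out.

```python
"""Verify a local file against the hashes in a MalwareBazaar record.

Added example (not MalwareBazaar code). RECORD holds the values shown on
the page for this sample; the helper names are assumptions of this example.
"""
import hashlib
import sys

# Values copied from the MalwareBazaar entry above.
RECORD = {
    "sha256": "bcf951a2c7bc31a37486577ae1fc83f97bc1daf987d5a35e9302eb31f5a5ebf0",
    "sha3_384": "d061c801b8dd25e8d16346f390dc8274e650bbc5db2b306ea13297df2868dd94016032cb14d36f0a7da11a16ffe3f849",
    "sha1": "be584653e032bd30328b6dbc5e7a502bde7f8342",
    "md5": "15841911ca4112d3e662c04db3517145",
    "size": 312320,
}


def compute_hashes(data: bytes) -> dict:
    """Return the four digests MalwareBazaar lists, as lowercase hex."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def verify_file(data: bytes, record: dict) -> dict:
    """Compare file bytes against a record; return one True/False per check.

    SHA256 (or SHA3-384) is the field to trust: MD5 and SHA1 are
    collision-prone, so agreement on those alone is not proof of identity.
    A mismatch on any field means this is not the catalogued sample
    (wrong file, truncated download, or the ZIP was never extracted).
    """
    computed = compute_hashes(data)
    result = {name: computed[name] == record[name].lower() for name in computed}
    result["size"] = len(data) == record["size"]
    # The record's MIME type is application/x-dosexec; a PE file starts with "MZ".
    result["pe_magic"] = data[:2] == b"MZ"
    return result


def is_catalogued_sample(data: bytes, record: dict) -> bool:
    """True only when every hash, the size and the PE magic all match."""
    return all(verify_file(data, record).values())


if __name__ == "__main__":
    # Usage: python verify_sample.py <extracted file>; with no argument,
    # hash a constructed stand-in so the script runs offline.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = b"MZ" + b"\x00" * 62  # constructed stand-in, not the sample
    for check, ok in verify_file(blob, RECORD).items():
        print(f"{check:9s} {'OK' if ok else 'MISMATCH'}")
    print("catalogued sample:", is_catalogued_sample(blob, RECORD))
```

Run it against the extracted file; anything other than all-OK means the file on disk is not the object the record's sandbox verdicts and YARA matches refer to.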


Mail intelligence

Trap location    Impact
IT (Italy)       Low
Global           Low

Number of uploads: 2
Number of downloads: 29
Origin country: FR (France)
CAPE Sandbox detection: Formbook
CERT.PL MWDB detection: formbook
ReversingLabs:
  Status: Malicious
  Threat name: ByteCode-MSIL.Trojan.Kryptik
  First seen: 2020-06-30 05:44:06 UTC
  AV detection: 23 of 31 (74.19%)
  Threat level: 5/5
Spamhaus Hash Blocklist: Suspicious file
Hatching Triage:
  Score: 10/10
  Malware family: formbook
  Tags: evasion trojan spyware stealer family:formbook persistence
VirusTotal: 13.70% detection rate

Yara Signatures

Rule name: Formbook
Author: JPCERT/CC Incident Response Group
Description: detect Formbook in memory
Reference: internal research

Rule name: win_formbook_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Executable (exe) bcf951a2c7bc31a37486577ae1fc83f97bc1daf987d5a35e9302eb31f5a5ebf0 (this sample)

Delivery method: Distributed via e-mail attachment