MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d169a9196da4b00aab16a2bfc45e4a064f05be7e4c77f459002e3ef9846ecfae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: d169a9196da4b00aab16a2bfc45e4a064f05be7e4c77f459002e3ef9846ecfae
SHA3-384 hash: 7d18ee3e88695bb73edf6e9fe64d80dfc6f385947b2cdcdbaddd45dd94456337b5e1153904880dc5d8bb4141a75128f4
SHA1 hash: 5f6598f61d1d4426fcbc57888fbfd2fa4382c5e9
MD5 hash: acc09b070e1f706ee25fcc6d7c2f5793
humanhash: lithium-lamp-burger-illinois
File name: IP FILES.zip
Signature: FormBook
File size: 252'403 bytes
First seen: 2020-05-20 09:00:19 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:sXlvQZMzmrnSXn3PNNJapd06ZhxToydykZWaHDiW:sRQZhrnSXfiGG1iaWW
TLSH: 1134236336864C57C951CC2F398DA5A4F81E341319C5CC9F923A43BD22BA3EE754E29B
Reporter: abuse_ch
Tags: FormBook, zip


abuse_ch
Malspam distributing FormBook:

HELO: domain.com
Sending IP: 45.35.176.55
From: Security team <noreply@domain.com>
Subject: We noticed unusual activity on your account
Attachment: IP FILES.zip (contains "IP FILES.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 85
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-19 23:22:31 UTC
File Type: Binary (Archive)
Extracted files: 10
AV detection: 16 of 31 (51.61%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip d169a9196da4b00aab16a2bfc45e4a064f05be7e4c77f459002e3ef9846ecfae (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
