MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d5c2b0b6a9b066fc5f15ab26e4ab2d584692c5769eb2f77297757a89373c4559. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: d5c2b0b6a9b066fc5f15ab26e4ab2d584692c5769eb2f77297757a89373c4559
SHA3-384 hash: fb540fea41c7cb90b405c92ecfd2579ee120a887a42ce030e4032156dfb1c6787cc9e7c69c942b63f323ec7f796584dd
SHA1 hash: f2bd0613df6248fb3c96fc3426948395c1876738
MD5 hash: fe9175b5d4c95d61372be11d5ab78b31
humanhash: montana-yellow-solar-apart
File name: MT103Copy_pdf.zip
Signature: FormBook
File size: 283'053 bytes
First seen: 2020-06-08 06:18:59 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:6hlm29+YwU/JOGynJoAF6YUmUj5bwxiAsOJmLR8A:6ygJOxSfjhqs5LR8A
TLSH: 465423D2B131A1BD7427E7DF574510BEBA1A46B70B6E2C8D107076C1A2BC4F2E934D68
Reporter: abuse_ch
Tags: FormBook, zip


abuse_ch
Malspam distributing FormBook:

HELO: box.mytek-cg.info
Sending IP: 192.236.194.98
From: account@mytek-cg.info
Subject: Re: Paid Copies of Invoices TAS8459
Attachment: MT103Copy_pdf.zip (contains "MT103Copy_pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-08 06:20:09 UTC
AV detection: 22 of 31 (70.97%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip d5c2b0b6a9b066fc5f15ab26e4ab2d584692c5769eb2f77297757a89373c4559

(this sample)

  
Dropping: FormBook
Delivery method: Distributed via e-mail attachment
