MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 da88ecc4491a706d1ac441668ca8f4a23ff5a81edce083292840a5c44565ce5a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: da88ecc4491a706d1ac441668ca8f4a23ff5a81edce083292840a5c44565ce5a
SHA3-384 hash: e90362187fbcd0d932fa0931c40bbe473b447891601fdf6f9e1558711c5b75f43ffba61bdf8c771ed232f4099527fb62
SHA1 hash: 8c31d179513d6b1a3a371b491a343dba6bc498dc
MD5 hash: 9c585827409486c8741eb96e2dc79d7a
humanhash: don-minnesota-vegan-rugby
File name:hdhvjcyufuyhvh.rar
Download: download sample
Signature Formbook
Create hunting rule
File size:306'148 bytes
First seen:2020-04-29 19:04:22 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:qpojNHKzu1sMpZwOOjUr7/yZC7a6TYvGQ3ByXbKnd:qEViOyO4Ur7qZP6EeQ3ByXa
TLSH CA5423A2A0B9C5820191434987929539F99433F1D11626D9D3FE1AE723C2E987C4BFFF
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: colorntouch.co
Sending IP: 111.90.141.162
From: Purchasing <purchasing@majuuniversal.com>
Reply-To: intertradeemito@gmail.com
Subject: REQUEST FOR QUOTATION - PR-S/P-100789
Attachment: hdhvjcyufuyhvh.rar (contains "hdhvjcyufuyhvh.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-29 19:36:10 UTC
File Type:
Binary (Archive)
Extracted files:
49
AV detection:
17 of 31 (54.84%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3keozrcjdjyg2gweiftizkhuui77lka63tqigkjiics4irlfzzna._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar da88ecc4491a706d1ac441668ca8f4a23ff5a81edce083292840a5c44565ce5a

(this sample)

Formbook

Executable exe 0a569518c639a3016fb301034043c0f1536cecd205196f0c1321c77ea0e941e2

  
Dropping
MD5 539ebb9d57943512697ec9d152b1d9d6
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0a569518c639a3016fb301034043c0f1536cecd205196f0c1321c77ea0e941e2

Comments