MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eb20060ecd58c9b4e32d132bfe44f27236c0a66b497c38deb328a973fc8881d4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: eb20060ecd58c9b4e32d132bfe44f27236c0a66b497c38deb328a973fc8881d4
SHA3-384 hash: 2317547c0a110e9c3d2195803a672001e84435f2b9f3b9882d3cb0437c21eae8d63d1438b28282fbeefbc9e97eae855a
SHA1 hash: afe76a6c34a74df292beff5c5e59a9d0e157f650
MD5 hash: fef1635a3f99a3dbbd41d96b08141f19
humanhash: comet-social-uranus-hydrogen
File name: 2020518.zip
Signature: FormBook
File size: 222'534 bytes
First seen: 2020-05-18 06:25:15 UTC
Last seen: 2020-05-18 07:04:08 UTC
File type: zip
MIME type: application/zip
ssdeep: 6144:q62UMZMkQMjIx7mU5PHKNs0QBXdOfnf13:qZUmWeIt3PqS0mNOX13
TLSH: 672423AD764208AE9087C9B9AECE6BB80F85BDB553CC533C6C771EC7623C1D644AC524
Reporter: abuse_ch
Tags: FormBook, zip


abuse_ch
Malspam distributing FormBook:

HELO: cmhk.com
Sending IP: 37.49.230.164
From: "Sūn Démíng (孫德明)" <relation@cmhk.com>
Reply-To: yingzhang67@yahoo.com
Subject: RFQ/ORDER #2020518
Attachment: 2020518.zip (contains "2020518.exe")

Intelligence


File Origin
# of uploads: 2
# of downloads: 81
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-18 23:19:00 UTC
File Type: Binary (Archive)
Extracted files: 2
AV detection: 16 of 31 (51.61%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip eb20060ecd58c9b4e32d132bfe44f27236c0a66b497c38deb328a973fc8881d4

(this sample)

  
Dropping: FormBook
Delivery method: Distributed via e-mail attachment
