MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f33d26e69bc58c44722e8a0abac9859166c0809abf73a8fd7ff91faec81c2c55. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: f33d26e69bc58c44722e8a0abac9859166c0809abf73a8fd7ff91faec81c2c55
SHA3-384 hash: 323e04690102500c8348dfa68e2ea8a63e66c10f52d7e05d57cb902a0d255b52537736bef0b0cf933055ea4f9b3dde0f
SHA1 hash: d892383dffd379afbcf0099e72121ffb19060140
MD5 hash: 783328d824d2a6f14d5db25a0156a704
humanhash: neptune-robin-charlie-nevada
File name: Order NORM-761-0.zip
Signature: FormBook
File size: 241'292 bytes
First seen: 2020-05-19 06:17:27 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:FEGXlaj5oz8b87TTtpMbCLa6Od8bVY3DKrfsf:FEcYj5foJkAJAKA
TLSH: 4F342370F30239DC320D5D27C22D35540D621EA1A92597B3EFFB6454A1D23D562ABB2E
Reporter: abuse_ch
Tags: FormBook, zip


abuse_ch
Malspam distributing FormBook:

HELO: regular1.263xmail.com
Sending IP: 211.150.70.204
From: Munish Aggarwal <admin@yingshitech.com>
Subject: Purchase Order NORM-761-0
Attachment: Order NORM-761-0.zip (contains "Order NORM-761-0.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 83
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-19 06:37:07 UTC
File Type: Binary (Archive)
Extracted files: 12
AV detection: 28 of 48 (58.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip f33d26e69bc58c44722e8a0abac9859166c0809abf73a8fd7ff91faec81c2c55 (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
