MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ff69be471c7d69a90c50017c03e4e5204f8edf419487e9944860475dd833cc1e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: ff69be471c7d69a90c50017c03e4e5204f8edf419487e9944860475dd833cc1e
SHA3-384 hash: 9eef3f3e55a3c989a7432a78b5f23c1d38a31ac8bbc0eda81a238a10a12dc74ae86953159e426e62cc421e7d1318b449
SHA1 hash: 8956aa3ada0ae9f4579a4e9d50a7d37bb02df1a8
MD5 hash: a8d224bf9c15da46df2d9d3dde069b0d
humanhash: solar-alaska-delaware-asparagus
File name: purchase order from Innovix Distribution Limited, Hong Kong.rar
Signature: FormBook
File size: 678'135 bytes
First seen: 2020-06-17 05:54:28 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:ZldNQb+C0fQZo26assOthdSCzGRgk7I2GMu50NmZFPhXEpiwmRNm/m9dKB6AMJ0:5NrfQZBrWUCz2gkItZFQiw+YOi2J0
TLSH: D7E4237056C0FEB536EE9525F0FE3436870EB60D3CAB0C96475420A5955B2AC688CF2F
Reporter: abuse_ch
Tags: FormBook rar


abuse_ch
Malspam distributing FormBook:

HELO: 162-241-215-80.unifiedlayer.com
Sending IP: 162.241.215.80
From: Eric Wang <ericwang-hk@innovix.com>
Reply-To: Eric Wang <ericwang-hk@innovix.com>
Subject: REQUEST FOR QUOTATION - NO: 792-286
Attachment: purchase order from Innovix Distribution Limited, Hong Kong.rar (contains "purchase order from Innovix Distribution Limited, Hong Kong.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-17 05:56:10 UTC
AV detection: 19 of 31 (61.29%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar ff69be471c7d69a90c50017c03e4e5204f8edf419487e9944860475dd833cc1e

(this sample)

  
Dropping: FormBook
Delivery method: Distributed via e-mail attachment

Comments