MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0fa8c40b66010aa718362b8bb897a8ddbb90301af45f7741c1fc11c8ec1d1fbf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 0fa8c40b66010aa718362b8bb897a8ddbb90301af45f7741c1fc11c8ec1d1fbf
SHA3-384 hash: c846ba980cac0ed97a9a18a2d8bf9a8a250b8026a4a391ee63edc21293a25b24a857fee02a1e01d9201114b3c37e6130
SHA1 hash: 4d2e794330e2e20495672562fa9fc1a4f03e0e42
MD5 hash: debeeda2ebd46666ab7d156bfd4ca872
humanhash: ohio-steak-nineteen-quebec
File name: NEW PO3072563851.exe.bz2
Signature: FormBook
File size: 339'254 bytes
First seen: 2020-06-02 07:01:48 UTC
Last seen: Never
File type:
MIME type: application/x-bzip2
ssdeep: 6144:TwVywBuhSeC9bH4o9G1u8uXxPrEcMGXGVZk0HGH437FI08J2nTxAiwzs:cV+hSeCdY1gQNVNbRI07APs
TLSH: 8A7423D8E0D5AF4ACD910F5FC6A8929B38A0BEE0B13549D1DB304D96DBE88394DED04D
Reporter: abuse_ch
Tags: bz2 FormBook


abuse_ch
Malspam distributing FormBook:

HELO: barracuda.ebox.ca
Sending IP: 96.127.255.19
From: Alicia Adjei<alicia.adjei@clovergroup.org>
Subject: New order
Attachment: NEW PO3072563851.exe.bz2 (contains "bunzipped")

Intelligence


File Origin
# of uploads: 1
# of downloads: 131
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-02 07:36:38 UTC
File Type: Binary (Archive)
Extracted files: 2
AV detection: 17 of 48 (35.42%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

0fa8c40b66010aa718362b8bb897a8ddbb90301af45f7741c1fc11c8ec1d1fbf

(this sample)

  
Dropping: FormBook
Delivery method: Distributed via e-mail attachment
