MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 183ac9cd489605b2a26f9971454a4eab32f406455d88328a6a9fdcdcdd8484d8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 183ac9cd489605b2a26f9971454a4eab32f406455d88328a6a9fdcdcdd8484d8
SHA3-384 hash: cc07273ee42274d1f9d7e7f92ca789c517612aca520ec9d861d78345d44b9a8c69f52efd1a9df84dcbb26440df12fa7a
SHA1 hash: 47b3d893fc6f6453451a7c037150fa9a19b1032b
MD5 hash: e134f0ac480e7399aaadfc59a2dd88d9
humanhash: freddie-south-uranus-virginia
File name: PO92574853.r00
Signature: FormBook
File size: 207'746 bytes
First seen: 2020-05-05 10:58:20 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 6144:IEvO5ClFCsjXKc9/hiTh/pG6QCCbhkKUElzV2Zb/1:IEvOP6hs7G6QD5lzUZb1
TLSH: EF1412F46792F9129655C9076DD1B9B2205E36F39FE19F30E2E2BF10122CB3A6C94670
Reporter: abuse_ch
Tags: FormBook r00


abuse_ch
Malspam distributing FormBook:

HELO: mail.moxiege.gq
Sending IP: 103.133.109.19
From: Import & Marketing Manager <admin@moxiege.gq>
Subject: Re: Purchase Order
Attachment: PO92574853.r00 (contains "PO#92574853.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 87
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-05 11:36:48 UTC
File Type: Binary (Archive)
Extracted files: 5
AV detection: 17 of 31 (54.84%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  FormBook
    r00 183ac9cd489605b2a26f9971454a4eab32f406455d88328a6a9fdcdcdd8484d8 (this sample)
      Dropping FormBook

Delivery method: Distributed via e-mail attachment
