MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1ceb812f904643d9908578ed2a442014a324e049b340ad07ddca7591c972874c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1ceb812f904643d9908578ed2a442014a324e049b340ad07ddca7591c972874c
SHA3-384 hash: 460d830002873001f7aa0fda6e9efa41119714cec89b57c0b42decb73d42f92ed96da7a0cd6f1859f23dad9e6870f50f
SHA1 hash: 44105bb0fdd36ec0c253fa7e637fd00e562b9936
MD5 hash: f906de6a878c454ad2e42a15f3fa3c63
humanhash: beryllium-ten-lemon-march
File name:RFQ-20-QAI-PRJ-0051-SPP DOCS.arj
Download: download sample
Signature FormBook
Create hunting rule
File size:266'221 bytes
First seen:2020-05-27 08:21:05 UTC
Last seen:Never
File type: arj
MIME type:application/x-rar
ssdeep 6144:RxgpB4oMdig1As1qVH1tqzxUPypVvth4P9S9Z6Jc7em/vEb:RYB//g1As1cVt66P8FSUS1wQ
TLSH D54423803E5592948A518DC146BED6ADEF320712BEFFFA0BBF96D18BA029711E05447C
Reporter abuse_ch
Tags:arj FormBook


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: server.pixarch.net
Sending IP: 198.57.201.42
From: Norserni Mat Nor <norser.matnor@sapuraenergy.com>
Subject: Fwd: SK1200 / REF NO: SK12-17-0173/300007670,CLOSING DATE: 29 May 2020
Attachment: RFQ-20-QAI-PRJ-0051-SPP DOCS.arj (contains "RFQ-20-QAI-PRJ-0051-SP&P DOCS.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 08:36:51 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
13 of 30 (43.33%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

arj 1ceb812f904643d9908578ed2a442014a324e049b340ad07ddca7591c972874c

(this sample)

FormBook

Executable exe 9e38a0eee8aa6aacbe3bc31a37f26b94d32777868c4e71b86001f196c0826aad

  
Dropping
MD5 ebebce40c36ff660a1a9004da4ead545
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9e38a0eee8aa6aacbe3bc31a37f26b94d32777868c4e71b86001f196c0826aad

Comments