MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2867de10c550de3f1a942b25050b242b0a9b601f088bf9b464c2e929db10efd6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2867de10c550de3f1a942b25050b242b0a9b601f088bf9b464c2e929db10efd6
SHA3-384 hash: a37c2c32e2a7b9657f5a0afe32e2a9f6c5708c4fda1b777935eb79e697b1444f60bf295e3a27f971cbc8c88247eabafb
SHA1 hash: 66fec6259ea5b9bb8ad87242d083b49f4a069955
MD5 hash: 3c30faf77a657626a6e403c61d58a203
humanhash: william-maine-cardinal-mountain
File name:hand soap.img
Download: download sample
Signature FormBook
Create hunting rule
File size:1'245'184 bytes
First seen:2020-06-17 07:44:04 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 6144:gT4bttPUXXW/qg2cf3IRsYkKA7132Sdr6aa9yp54nu5i6BitneKoRtuMu/mVagoH:g8btt8XXWf2cQRFA719r6TBBoGupoG8
TLSH 5845AE3C03E87A27C67E4379D075810C92E3C175168BE7DAE91A60E92B4F35BF46225B
Reporter abuse_ch
Tags:FormBook img


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: qproxy2.mail.unifiedlayer.com
Sending IP: 69.89.16.161
From: vnexp.query@dhl.com
Subject: Your order has been received
Attachment: hand soap.img (contains "Hand soap.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.54526.22339.2902.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-17 07:46:05 UTC
AV detection:
18 of 31 (58.06%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fbt54egfkdpd6guufmsqkczefmfjwya7bcf7tndeylustwyq57la._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

img 2867de10c550de3f1a942b25050b242b0a9b601f088bf9b464c2e929db10efd6

(this sample)

FormBook

Executable exe 58f28dd7cc2c257f5ac8dec9111d8cf8942e1cf62bb8334f4922e4b124d4eab9

  
Dropping
MD5 7ca11a7cea4118e31a4b439117a162c3
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 58f28dd7cc2c257f5ac8dec9111d8cf8942e1cf62bb8334f4922e4b124d4eab9

Comments