MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 399f7d6b7d33d2a1789266aecd3e224a72d78837e80a5df086a79477b77e9c23. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 399f7d6b7d33d2a1789266aecd3e224a72d78837e80a5df086a79477b77e9c23
SHA3-384 hash: 057c2539c28221c1d7d4d2eda975c4146260725afd5642c0f0f2df3bd4c75d8516e2e046344cca3b73de37b81b4ed2ec
SHA1 hash: 3ac0c1e27dd01cd8ad7356f75d4066755e8a7842
MD5 hash: b275fa4cd4b66f2588c303ef9d94e827
humanhash: mississippi-river-golf-purple
File name:RFQ-20-QAI-PRJ-0051- Appendix C - CATALOGUE.rar
Download: download sample
Signature FormBook
Create hunting rule
File size:484'983 bytes
First seen:2020-05-05 11:25:04 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:5boYcNlhFiZJEcFSLt+0SW9E+4a3QDHWMnTPqpO1Pu:5UdliZJECSHV9E+25nTipO1W
TLSH AFA423CDBF52F8247E3637AC155DCFDAAB588F4A084A97684356C025318DE26DB183B3
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: ns1.rswoodeny.pw
Sending IP: 173.82.94.231
From: info-rswoodeny.pw <info@rswoodeny.pw>
Subject: RFQ-20-QAI-PRJ-0051 - Request for Sales Quotation (MAY ORDER)
Attachment: RFQ-20-QAI-PRJ-0051- Appendix C - CATALOGUE.rar (contains "RFQ-20-QAI-PRJ-0051- Appendix C - CATALOGUE.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
94
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Genkryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-05 11:36:52 UTC
File Type:
Binary (Archive)
Extracted files:
16
AV detection:
20 of 48 (41.67%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hgpx2235gpjkc6esm2xm2prcjjznpcbx5aff34egu6khpn36tqrq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 399f7d6b7d33d2a1789266aecd3e224a72d78837e80a5df086a79477b77e9c23

(this sample)

FormBook

Executable exe b15e73b2d51419b400b89026edebba20b70600b62043a5a5c16050dd278f4c36

  
Dropping
MD5 24339d42a194dc68b690d53469ec20cb
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b15e73b2d51419b400b89026edebba20b70600b62043a5a5c16050dd278f4c36

Comments