MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3ad0f62d563674c1b7b8bf1db9dc03c9a22ef1af11c4b07c0c3e20af270d4fc0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook
Vendor detections: 3

SHA256 hash: 3ad0f62d563674c1b7b8bf1db9dc03c9a22ef1af11c4b07c0c3e20af270d4fc0
SHA3-384 hash: 078d97b673141507f2ac27c4fe81577af2e3c5f6e4699ffe7fefbc3eb6d03e1a1003554b03c6a072792fa7034ceab2df
SHA1 hash: f0c264c67d9e748c507bacfded48bdfaa5740f6b
MD5 hash: 65ef4e367f4630f1e3288637a94b6dcc
humanhash: two-alanine-snake-blue
File name: QWN68R.rar
Signature: FormBook
File size: 312,898 bytes
First seen: 2020-05-20 08:44:22 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:Lht1KW3XiLlLX0ILMxUnJZwyr9cK+fUCXFvc5R/QY+/M/xh75J:Lz1KGcN6qJTR+fUCXFk5Rr+/mxhX
TLSH: 31642384602ABA3E16D6E59675031F382D75A6204233F61737C903EF83A8125EEFD59F
Reporter: abuse_ch
Tags: FormBook rar


abuse_ch
Malspam distributing FormBook:

HELO: mgwi2.nineweb.net
Sending IP: 27.254.130.225
From: accounts@ecotechlifecycle.co.th
Subject: Attached T/T copy for payment.
Attachment: QWN68R.rar (contains "q0pddrer.q1m.exe")
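
The indicators in the comment above (sending IP, HELO name, sender, subject, attachment name) plus the hash set from the entry are what an analyst would turn into a triage check. The script below is an added example, not MalwareBazaar's or abuse_ch's code: it matches a raw message against those mail-level IOCs, pulls out attachments, confirms the RAR signature, and compares the attachment's hashes with the catalogued record. The e-mail it runs on is constructed for the example (headers follow the comment, the attachment body is only the RAR5 signature bytes), so the hash comparison is expected to fail, which is exactly the "this is not the catalogued sample" case the check must distinguish from a true match. Extracting the inner `q0pddrer.q1m.exe` would need a RAR library, which the standard library lacks, so that step is left out.

```python
import email
import email.utils
import hashlib
import re

# Hashes and size copied from the MalwareBazaar entry for this sample.
RECORD = {
    "sha256": "3ad0f62d563674c1b7b8bf1db9dc03c9a22ef1af11c4b07c0c3e20af270d4fc0",
    "sha3_384": "078d97b673141507f2ac27c4fe81577af2e3c5f6e4699ffe7fefbc3eb6d03e1a1003554b03c6a072792fa7034ceab2df",
    "sha1": "f0c264c67d9e748c507bacfded48bdfaa5740f6b",
    "md5": "65ef4e367f4630f1e3288637a94b6dcc",
    "size": 312898,
}

# Mail-level indicators from abuse_ch's comment on the entry.
MAIL_IOCS = {
    "sending_ip": "27.254.130.225",
    "helo": "mgwi2.nineweb.net",
    "from": "accounts@ecotechlifecycle.co.th",
    "subject": "Attached T/T copy for payment.",
    "attachment": "QWN68R.rar",
}

# RAR4 and RAR5 archive signatures.
RAR_MAGICS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")


def digests(data: bytes) -> dict:
    """Compute the same hash set MalwareBazaar lists for a sample."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "size": len(data),
    }


def verify_against_record(data: bytes, record: dict) -> dict:
    """Per-field comparison; every value True means data is the catalogued sample."""
    actual = digests(data)
    return {field: actual[field] == expected for field, expected in record.items()}


def is_rar(data: bytes) -> bool:
    return data.startswith(RAR_MAGICS)


def triage_message(raw: str, iocs: dict = MAIL_IOCS, record: dict = RECORD) -> dict:
    """Match a raw RFC 5322 message against the mail IOCs and hash-check its attachments."""
    msg = email.message_from_string(raw)
    received = " ".join(msg.get_all("Received", []))
    _, sender = email.utils.parseaddr(msg.get("From", ""))
    attachments = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        data = part.get_payload(decode=True) or b""
        attachments.append({
            "name": name,
            "is_rar": is_rar(data),
            "record_match": verify_against_record(data, record),
        })
    mail = {
        # Received headers carry the peer IP in brackets; anchor on them so 127.254.130.225 cannot match.
        "sending_ip": re.search(r"\[" + re.escape(iocs["sending_ip"]) + r"\]", received) is not None,
        "helo": iocs["helo"] in received,
        "from": sender.lower() == iocs["from"].lower(),
        "subject": (msg.get("Subject") or "").strip() == iocs["subject"],
        "attachment": any(a["name"] == iocs["attachment"] for a in attachments),
    }
    return {"mail": mail, "attachments": attachments}


# Constructed message for the example (not a captured one). The attachment body is
# just the RAR5 signature, base64-encoded, so it is recognised as RAR but its
# hashes will not match RECORD.
CONSTRUCTED_MAIL = """\
Received: from mgwi2.nineweb.net (mgwi2.nineweb.net [27.254.130.225])
\tby mx.example.net with ESMTP; Wed, 20 May 2020 08:40:01 +0000
From: Accounts <accounts@ecotechlifecycle.co.th>
Subject: Attached T/T copy for payment.
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/x-rar; name="QWN68R.rar"
Content-Disposition: attachment; filename="QWN68R.rar"
Content-Transfer-Encoding: base64

UmFyIRoHAQA=
--b1--
"""
```

Running `triage_message(CONSTRUCTED_MAIL)` reports every mail indicator as matched and the attachment as a RAR whose record comparison is False on every field. On a real capture the same False result tells you the archive is a different build than the one catalogued here, which is common with malspam waves, so the hash should be submitted as a new sample rather than assumed to be this one.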

Intelligence


File Origin
# of uploads: 1
# of downloads: 83
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-20 09:36:07 UTC
File Type: Binary (Archive)
Extracted files: 9
AV detection: 14 of 30 (46.67%)
Threat level: 2/5

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Malspam (distributed via e-mail attachment)
Signature: FormBook
File type: rar
SHA256: 3ad0f62d563674c1b7b8bf1db9dc03c9a22ef1af11c4b07c0c3e20af270d4fc0 (this sample)
Dropping: FormBook