MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 412949af98ecc39dba0d6b7844a90a9dabff2a2b503cd06996896cfdc6bf9ce8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 412949af98ecc39dba0d6b7844a90a9dabff2a2b503cd06996896cfdc6bf9ce8
SHA3-384 hash: 5a86979bd11b69ab0d25740973910ab67bfb2631de4047e7ff5baa035d37243d363f955c2305d62d1efeb8d1ed4a9639
SHA1 hash: d69d1b9c1c93250fea6b523bafc6b0e1ed0ed74a
MD5 hash: cf9eaaa1a10a3cfb6e1e6caabf7ea671
humanhash: one-thirteen-magnesium-march
File name:Xenos new order.rar
Download: download sample
Signature FormBook
Create hunting rule
File size:253'569 bytes
First seen:2020-07-02 07:18:13 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:rUgHfOheeqwKVzTBn0obNLdZp0I3jZ3wcmeGu:rUgWX8dT+c/N3zZ
TLSH C044233D014AEAA02660F705BFB84D06DCE44DB0731FFD8B96385FCA761C75908B5A9A
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: truegreen-cn.cam
Sending IP: 111.90.140.74
From: Sales@truegreen-cn.cam <sales@truegreen-cn.cam>
Subject: Re: Re: Xenos new order: 20-04501 634989
Attachment: Xenos new order.rar (contains "Xenos new order.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/412949af98ecc39dba0d6b7844a90a9dabff2a2b503cd06996896cfdc6bf9ce8/
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-02 07:20:05 UTC
AV detection:
17 of 48 (35.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ieuutl4y5tbz3oqnnn4ejkiktwv76krlka6na2mwrfwp3rv7ttua._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 412949af98ecc39dba0d6b7844a90a9dabff2a2b503cd06996896cfdc6bf9ce8

(this sample)

FormBook

Executable exe d4943254bdebb92508362f26bd91da77d2aaecbcd73f086b917055c704a993a5

  
Dropping
MD5 c860722d07e03cb4693e85f408515319
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d4943254bdebb92508362f26bd91da77d2aaecbcd73f086b917055c704a993a5

Comments