MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 53095085e40ccddb3a3446a95278c66531117df309e89154b7525e108ded343b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 53095085e40ccddb3a3446a95278c66531117df309e89154b7525e108ded343b
SHA3-384 hash: 9bfbe6f34d08339b0a544b6be4f2e576824caadd82a6286455a73aa45dab4d5b17e055697f266799dc84dc971230b385
SHA1 hash: 3cc3ac84f46864aec9b25eceb32fe8e0017615b9
MD5 hash: 575c86ee7546e3d8242d891a1bd65875
humanhash: kilo-item-mike-shade
File name: UNSM-RFQ286-2020 REV1-xlsx.gz
Signature: FormBook
File size: 407'243 bytes
First seen: 2020-05-21 10:07:40 UTC
Last seen: 2020-05-22 06:44:11 UTC
File type: zip
MIME type: application/zip
ssdeep: 6144:pdFx636ioFupAy70z9hCyWl5iJZyG537oDVlkXnvvFnEu6cibvHDtFsN8zfsG/gb:pl3ioBy7IR7Zy0IVqXCzDfsIx4
TLSH: 2B8423EC125EDC992EEE33E236AD488AA72702D6EF730657C2B500B55C1793E5497323
Reporter: abuse_ch
Tags: FormBook gz


abuse_ch
Malspam distributing FormBook:

HELO: unsmuae.com
Sending IP: 103.99.1.174
From: UNSM Marina Zacharoudi <unsm.reps@unsmuae.com>
Reply-To: unsm.reps@unsmuae.com
Subject: AOS Ratchaburi / Stores delivery request- OPL
Attachment: UNSM-RFQ286-2020 REV1-xlsx.gz (contains "UNSM-RFQ286-2020 REV1-xlsx.exe")

Intelligence


File Origin
# of uploads: 2
# of downloads: 75
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-21 09:59:53 UTC
File Type: Binary (Archive)
Extracted files: 266
AV detection: 30 of 48 (62.50%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 53095085e40ccddb3a3446a95278c66531117df309e89154b7525e108ded343b

(this sample)

  
Dropping: FormBook
Delivery method: Distributed via e-mail attachment

Comments