MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 65697808e98fa6d0f5570368450de8cef94a6e00671c1599bfa360c179c02084. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 65697808e98fa6d0f5570368450de8cef94a6e00671c1599bfa360c179c02084
SHA3-384 hash: 30af1ef8f53724e569985b8a2eed0ac1161563261256be2aba8a0ad321c018a154cb6497d92651f0bd7ff3d5a3744b8e
SHA1 hash: 980b3f4fb924e334a79a10806042130024d698dc
MD5 hash: 3eed4111ae42f3955165337f54760ca5
humanhash: juliet-oregon-colorado-nuts
File name:DHL293413110039.IMG
Download: download sample
Signature FormBook
Create hunting rule
File size:1'245'184 bytes
First seen:2020-05-19 13:50:19 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 6144:+T0/WU4tnMFnOoa+Z1VWWnTHZr3Fv5m0k0TdHH5WzcE3r0tjQb2agw+WnpBW:+T0ebpMx1VnTHZrpkId5WzcO0uC3bW
TLSH 28459F14D2A8C762D9CD86B6CDE5110407E4EBEE0D0FEF86AEA974E5BB07343642644F
Reporter abuse_ch
Tags:DHL FormBook img


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: mout.perfora.net
Sending IP: 74.208.4.194
From: Darin, DHL <darin@interstatebatteriestampa.com>
Reply-To: Darin, DHL <darin@interstatebatteriestampa.com>
Subject: DHL Pickup Confirmation DHL293413110039
Attachment: DHL293413110039.IMG (contains "DHL293413110038.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.47138.26021.20777.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Genkryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-19 11:31:12 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
16 of 31 (51.61%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mvuxqchjr6tnb5kxanuekdpiz34uu3qam4oblgn7unqmc6oaecca._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

img 65697808e98fa6d0f5570368450de8cef94a6e00671c1599bfa360c179c02084

(this sample)

FormBook

Executable exe bae14f53a8553b739d9eae5d0f751e608e7f33f3d7fecf92f345bc806bf676d5

  
Dropping
MD5 09cf2a72e211284eedfe88440a80f39d
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 bae14f53a8553b739d9eae5d0f751e608e7f33f3d7fecf92f345bc806bf676d5

Comments