MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6a4c79a0e3c71e3328f6fb87d140d9addc200bb8d3c6a263fa71d211f5da6618. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: FormBook
Vendor detections: 3


SHA256 hash: 6a4c79a0e3c71e3328f6fb87d140d9addc200bb8d3c6a263fa71d211f5da6618
SHA3-384 hash: b796c933f3610a455277d18eba1fcf52bd7a2db84794d705be7b4b1af95e9033cafc498ff60942fd7688a4f84e62a9cb
SHA1 hash: 27e633e7c2cb04f158eef2b20bc3a12a719909eb
MD5 hash: f6df3f6c6aff10155d9602437ce76b2e
humanhash: winner-five-nine-bluebird
File name: RFQ 15420.rar
Signature: FormBook
File size: 268'004 bytes
First seen: 2020-05-11 08:44:46 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:zJYfClqw0Le0ZJl1ce/vtawYKAJqxmEp3rhjLnK2Mmgqbs:FWClF0TjRntaYNmEtLnKbbn
TLSH: 8944239CB89324D75CCEFF7918BDE00B2E1CF429BD5A3C93256489EA5E0DB1135E6092
Reporter: abuse_ch
Tags: FormBook rar


abuse_ch
Malspam distributing FormBook:

HELO: 3sapparel.co
Sending IP: 111.90.140.230
From: Boojae Seo <bj.seo@dbkkorea.com>
Reply-To: patbonnantakui@gmail.com
Subject: Request for Quotation
Attachment: RFQ 15420.rar (contains "RFQ 15420.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 81
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-11 09:36:28 UTC
File Type: Binary (Archive)
Extracted files: 52
AV detection: 24 of 48 (50.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  FormBook
    rar 6a4c79a0e3c71e3328f6fb87d140d9addc200bb8d3c6a263fa71d211f5da6618 (this sample)
      Dropping: FormBook

Delivery method: Distributed via e-mail attachment
