MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6e66081aba851d8142e6649cba13a45cf2d73d1f70f56d60f0df34a3b309bf5e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: FormBook
Vendor detections: 3

SHA256 hash: 6e66081aba851d8142e6649cba13a45cf2d73d1f70f56d60f0df34a3b309bf5e
SHA3-384 hash: c92bb59e609eddc8df7db8d8222564c1348c6ce76b275c9db693b1b886327ac22107c98b393d6e3ae09f68124d95cbab
SHA1 hash: 04bc2a02dd1ba90608b314cac4c0639613ae4c37
MD5 hash: 04a3d4f52eb7be9b343352aa6e78d6cb
humanhash: river-august-mobile-twenty
File name: Shenzhen.rar
Signature: FormBook
File size: 212'781 bytes
First seen: 2020-05-11 08:19:05 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 3072:M0Z9feAogt/WwrzFjyp/5Dw+MX5vKfFXFpswU2Rm0eK1ZnF2P11ATXNZFcG+s8Ek:fZFfonwrzFn+Mu/NU30zD2vATXNN2Br
TLSH: DA242362D029FFB24CD9B611A66A69BBC05F3EE341A0F363579A5712ECD42613FD2043
Reporter: abuse_ch
Tags: FormBook rar


abuse_ch
Malspam distributing FormBook:

HELO: colorntouch.co
Sending IP: 111.90.141.162
From: Robert Cosmin <cosmin854@colorntouch.co>
Subject: RE: RE: 0322/PO/GEN/IV/2020
Attachment: Shenzhen.rar (contains "Shenzhen.exe")
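The hash set on this entry and the malspam headers abuse_ch reported are exactly the indicators a mail-gateway or triage script would key on. The Python below is an added example, not MalwareBazaar's code and not abuse_ch's: it parses a constructed .eml whose headers mirror the report, flags matches on sender domain, connecting IP, subject and attachment name, and hashes the attachment with the same four algorithms the entry lists (SHA256, SHA3-384, SHA1, MD5). The recipient and receiving-MX names in the sample are assumptions, and the attachment body is a constructed stand-in (a bare RAR5 signature, not the real Shenzhen.rar), so the hash comparison is expected to fail on it while the header indicators hit. Listing "Shenzhen.exe" inside the archive would need a RAR parser (for example the rarfile module with unrar installed) and is not shown.

```python
"""Check an e-mail against the indicators from this MalwareBazaar entry (added example)."""
import hashlib
import re
from email import message_from_bytes, policy
from email.utils import parseaddr

# Indicators copied from the entry: the hash set of Shenzhen.rar and the malspam headers.
IOC = {
    "sha256": "6e66081aba851d8142e6649cba13a45cf2d73d1f70f56d60f0df34a3b309bf5e",
    "sha3_384": "c92bb59e609eddc8df7db8d8222564c1348c6ce76b275c9db693b1b886327ac22107c98b393d6e3ae09f68124d95cbab",
    "sha1": "04bc2a02dd1ba90608b314cac4c0639613ae4c37",
    "md5": "04a3d4f52eb7be9b343352aa6e78d6cb",
    "sender_domain": "colorntouch.co",
    "sending_ip": "111.90.141.162",
    "subject": "RE: RE: 0322/PO/GEN/IV/2020",
    "attachment": "Shenzhen.rar",
}
HASH_NAMES = ("sha256", "sha3_384", "sha1", "md5")

# Constructed sample message. Headers mirror the report above; the recipient and the
# receiving MX are assumed names, and the attachment body is a stand-in (just a RAR5
# signature, base64-encoded), NOT the real sample, so its hashes will not match.
SAMPLE_EML = b"""\
Received: from colorntouch.co (unknown [111.90.141.162]) by mx.example.test
From: Robert Cosmin <cosmin854@colorntouch.co>
To: accounts@example.test
Subject: RE: RE: 0322/PO/GEN/IV/2020
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please find the attached order.
--b1
Content-Type: application/x-rar; name="Shenzhen.rar"
Content-Disposition: attachment; filename="Shenzhen.rar"
Content-Transfer-Encoding: base64

UmFyIRoHAQA=
--b1--
"""


def hash_bytes(data):
    """Return the same hash set MalwareBazaar lists: SHA256, SHA3-384, SHA1, MD5."""
    return {name: getattr(hashlib, name)(data).hexdigest() for name in HASH_NAMES}


def connecting_ip(msg):
    """Extract the peer IP from the first Received: header (the one our own MTA wrote)."""
    for hdr in msg.get_all("Received") or []:
        m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hdr)
        if m:
            return m.group(1)
    return None


def check_message(raw):
    """Return which of the entry's indicators the message matches (name -> bool)."""
    msg = message_from_bytes(raw, policy=policy.default)
    _, addr = parseaddr(str(msg.get("From", "")))
    hits = {
        "sender_domain": addr.rpartition("@")[2].lower() == IOC["sender_domain"],
        "sending_ip": connecting_ip(msg) == IOC["sending_ip"],
        "subject": str(msg.get("Subject", "")).strip() == IOC["subject"],
        "attachment_name": False,
        "archive_attachment": False,
        "hash_match": False,
    }
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        hits["attachment_name"] |= name == IOC["attachment"]
        # An archive wrapping an .exe is the usual malspam pattern; flag any archive.
        hits["archive_attachment"] |= name.lower().endswith((".rar", ".zip", ".7z"))
        digests = hash_bytes(data)
        hits["hash_match"] |= any(digests[n] == IOC[n] for n in HASH_NAMES)
    return hits


if __name__ == "__main__":
    for indicator, matched in check_message(SAMPLE_EML).items():
        print(f"{indicator:>18}: {'HIT' if matched else '-'}")
```

The IP is taken only from the Received: header added by the receiving MTA, because every earlier Received: line is attacker-controlled; the From: domain check is likewise only as strong as the sending IP and subject checks beside it, since display names and envelope senders are freely forgeable. A real deployment would pull the indicator values from the MalwareBazaar entry rather than hard-code them.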

Intelligence

File Origin
# of uploads: 1
# of downloads: 81
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-11 08:36:42 UTC
File Type: Binary (Archive)
Extracted files: 2
AV detection: 23 of 31 (74.19%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: FormBook
  rar 6e66081aba851d8142e6649cba13a45cf2d73d1f70f56d60f0df34a3b309bf5e (this sample)
Dropping: FormBook
Delivery method: Distributed via e-mail attachment
