MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 73f7d42dd6233f25f5a7348914c5eb14ba094527596349a35f07e4eb401d4465. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 73f7d42dd6233f25f5a7348914c5eb14ba094527596349a35f07e4eb401d4465
SHA3-384 hash: 8e57d7f9af3911454944df796ee360e678473224a15d98f405bd7e4cb112e0a986f2691190ad787fc91ca3ccc15d9956
SHA1 hash: fbe7646153aeae1ad0cb94a30a9d2cd4f3f53948
MD5 hash: 5f1d0a5dd119181390fbc99037e7401c
humanhash: montana-september-alabama-comet
File name:RELaford Procurement Media Files Order Request.img
Download: download sample
Signature Formbook
Create hunting rule
File size:1'245'184 bytes
First seen:2020-08-18 06:26:05 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 6144:cT485wB11imavjKzCuao39DfBSo/2dchi1S5Gb0Wos:cT485wLfavjYCg3VJSo/Qchn5G/f
TLSH E445C09B66C22513C53869326162D73817F193136463EB39F4AF07936F43FBC6AA1AC4
Reporter abuse_ch
Tags:FormBook img


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: imsantv23.netvigator.com
Sending IP: 210.87.247.11
From: Charlotte Lai <kklo@laford.com.hk>
Subject: AW:AW:RE:RE:RE:AW:AW:AW: Laford Procurement (Media Files) Order Request
Attachment: RELaford Procurement Media Files Order Request.img (contains "Quotation.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/73f7d42dd6233f25f5a7348914c5eb14ba094527596349a35f07e4eb401d4465/
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-08-17 20:54:53 UTC
AV detection:
15 of 48 (31.25%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=op35ilowem7sl5nhgserjrplcs5asrjhlfruti27a7sowqa5irsq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

img 73f7d42dd6233f25f5a7348914c5eb14ba094527596349a35f07e4eb401d4465

(this sample)

Formbook

Executable exe 4e343d50670d902ec99b2a4079f088249c3b6101d9754f763a77566af82e6f59

  
Dropping
MD5 57487346f09777112a69c9ec0ad360d2
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4e343d50670d902ec99b2a4079f088249c3b6101d9754f763a77566af82e6f59

Comments