MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7df8aeede6161f0012412d6b7cb7deb6ec11de518df6087603db44514d7e9ac2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7df8aeede6161f0012412d6b7cb7deb6ec11de518df6087603db44514d7e9ac2
SHA3-384 hash: 43be50cfe7fa127b1064f1e0271de007783f5e7e00942405ba33e77fce9a4c615460ee792cb79baed7f8f30de0cdc8c5
SHA1 hash: 9e75e49f32ccd4c944da84c0463ab3adfd91f204
MD5 hash: f72b4d43f8b6b42ce7b5b7cc8cf9a065
humanhash: cold-queen-lemon-oranges
File name:TRS0000001062020_pdf.img
Download: download sample
Signature FormBook
Create hunting rule
File size:421'888 bytes
First seen:2020-06-02 10:13:37 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 6144:TSp3JvgZLQKVcoc8Wc60S/sFtNAPjf3YwfHb6w:T65AsI5HIUtNOjfIwPu
TLSH 3094CF14B951C43EF897D6BC1854A521A2AAED2282B1B0CB33CC7DCA5BB35D35B32357
Reporter abuse_ch
Tags:FormBook img


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: kingstondc.com
Sending IP: 45.153.240.99
From: Vian F. Babaka<vian.babaka@ngc-uk.com>
Subject: Transaction copy
Attachment: TRS0000001062020_pdf.img (contains "TRS0000001062020_pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Genkryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 10:37:07 UTC
AV detection:
21 of 48 (43.75%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=px4k53pgcypqaesbfvvxzn66w3wbdxsrrx3aq5qd3ncfctl6tlba._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

img 7df8aeede6161f0012412d6b7cb7deb6ec11de518df6087603db44514d7e9ac2

(this sample)

FormBook

Executable exe 590fde182a154cd89b15d88546d60351b9fecb51e04fbbf4affd8d49a618bd23

  
Dropping
MD5 e59f75085d892b91e0400b1d80967cc5
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 590fde182a154cd89b15d88546d60351b9fecb51e04fbbf4affd8d49a618bd23

Comments