MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 812c58e03bc9b1aea8ec2cece2b705c4614e0173dbc3940f861cd83aa4fe4b2f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 812c58e03bc9b1aea8ec2cece2b705c4614e0173dbc3940f861cd83aa4fe4b2f
SHA3-384 hash: 116fc85304c51492c6bf3c741c26f74376e80e02f1a30c5abfccd75d761039af143b84cc819c29de71c6c7b6e5e43ed7
SHA1 hash: 4ecf1653c3422b4aa2c8fe862e379834fe65924f
MD5 hash: 53878d0e6f333ec31ed25e7053b97b71
humanhash: wisconsin-bacon-thirteen-fish
File name: REF 881331.rar
Signature: FormBook
File size: 230'536 bytes
First seen: 2020-05-20 08:35:27 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:iNG4JEUmklqxUth0lHdl1NR5Q2kI4/ZH1YjS+h:MzG/CmUAtn5Q2kI4/1O
TLSH: 6E34233676D93631D0307BAE3EE37866EAE31E48148263BD2760C1AF5C8A90D51E057F
Reporter: abuse_ch
Tags: FormBook, rar


abuse_ch
Malspam distributing FormBook:

HELO: gongcha.com
Sending IP: 80.85.157.91
From: JURFAHMI <jurubina@unireka.com>
Subject: RE: quotation
Attachment: REF 881331.rar (contains "REF 881331.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 82
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-20 09:36:12 UTC
File Type: Binary (Archive)
Extracted files: 8
AV detection: 17 of 30 (56.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam, FormBook
rar 812c58e03bc9b1aea8ec2cece2b705c4614e0173dbc3940f861cd83aa4fe4b2f (this sample)
Dropping: FormBook
Delivery method: Distributed via e-mail attachment
