MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8a84cbb31cdf069bfc816bf0183c6228bf0a3b8ca038e8f1d4152e334bea13e0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: 8a84cbb31cdf069bfc816bf0183c6228bf0a3b8ca038e8f1d4152e334bea13e0
SHA3-384 hash: c4d39f6fdb07afa5e34b450ee451f60a4549fd35696e55cf2d4c0390b47a476e06479b12813558ee65cfeca4aef0a385
SHA1 hash: 0f23eedfd6533fa371de9038c166b85ef20a095a
MD5 hash: 835c889e69e6cbf13b93c14cc5187170
humanhash: cola-mexico-march-missouri
File name: INQUIRY.zip
Download: download sample
Signature: Formbook
File size: 239'841 bytes
First seen: 2020-05-21 09:52:33 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:jO42vzV8omDichGKWGRdOM7e1zq9vm+WYYsinwp0OJj:C4Wvnc8lGRQl1zMWObp/j
TLSH: 8434239177EBB6684CDDC0F776B4C3A7262615842A41AB702CD3BC277CCB48E39599C8
Reporter: abuse_ch
Tags: FormBook, zip


abuse_ch
Malspam distributing Formbook:

HELO: yisun.co
Sending IP: 111.90.159.196
From: Abdul Awal <era@bijoy.com>
Subject: Product Inquiry
Attachment: INQUIRY.zip (contains "INQUIRY.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 75
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-21 15:35:54 UTC
AV detection: 27 of 48 (56.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 8a84cbb31cdf069bfc816bf0183c6228bf0a3b8ca038e8f1d4152e334bea13e0 (this sample)

Dropping: Formbook
Delivery method: Distributed via e-mail attachment
