MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 92bb6b8d4eedf838f2dc1292d67c5b481a45c192d053f6b9fe00d66b798b7f23. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: FormBook
Vendor detections: 3



SHA256 hash: 92bb6b8d4eedf838f2dc1292d67c5b481a45c192d053f6b9fe00d66b798b7f23
SHA3-384 hash: 2f14c46fc64a984eabf49e3199ab7d1b157f017011c3107281db12f633434305c75bfee6cef3908455f971f33f5d19c3
SHA1 hash: 78feed3b3c2cee86c03cf642cbf4bf9655af7500
MD5 hash: 27544f9e4d2e349a860f3f04d36024f5
humanhash: paris-blossom-saturn-victor
File name: PO00918052020.r00
Signature: FormBook
File size: 280'460 bytes
First seen: 2020-05-20 11:51:26 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 6144:HKypVsC+cWzvTnB9OVKTBFZtfp/ccWQR8WVXDt5DQfr5WBXfUE7Icrx6m7:HDT9q7TntWQR8s8r5LEPP
TLSH: EE5423AEF57E0D73E3432D2B16EECE72CA668A0797C633378055D117A09D662C3689C4
Reporter: abuse_ch
Tags: FormBook r00


abuse_ch
Malspam distributing FormBook:

HELO: mail.moenepa.ml
Sending IP: 173.82.202.62
From: Hans Karlsen <admin@moenepa.ml>
Subject: Purchase Order
Attachment: PO00918052020.r00 (contains "PO#00918052020.exe")

Intelligence


File Origin

# of uploads: 1
# of downloads: 77
Origin country: n/a

Vendor Threat Intelligence

Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-20 12:34:02 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 15 of 31 (48.39%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: FormBook
Sample: r00 92bb6b8d4eedf838f2dc1292d67c5b481a45c192d053f6b9fe00d66b798b7f23 (this sample)
Dropping: FormBook
Delivery method: Distributed via e-mail attachment

Comments