MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 96a45aa6b11334754407ad348675045fc8b38ee42300b1c1a1890db528c55484. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 96a45aa6b11334754407ad348675045fc8b38ee42300b1c1a1890db528c55484
SHA3-384 hash: fc4e499e927fa908e6c16670283c46a4b49d6faf78ead569dbd916d1217f87a80e4574cdf732970008389dfcd223b9d8
SHA1 hash: 8c486f214d8a89e02581e96cf5582214452bb750
MD5 hash: 40dc6e85f87183665ea359fa7f987c4c
humanhash: crazy-king-fanta-pasta
File name:PO589698480055.zip
Download: download sample
Signature FormBook
Create hunting rule
File size:458'380 bytes
First seen:2020-05-04 20:07:25 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:T4f6eYsrnalw0lYLHBOHSq540h7qLN56SwyGyRt:8Osralw2ryqK0Bcj6Swyjn
TLSH 51A423B79740BB5077B57BCC67FCD2B46C12CF6274AA1A296812E6B15337204CEB8346
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: ugso.odessa.ua
Sending IP: 195.138.65.238
From: Nur Dythicia Auni (SALES) <enquirys@automationsystems.com.my>
Subject: [Ext] QUOTATION (QT-408-083-NDA-Rev01).
Attachment: PO589698480055.zip (contains "PO589698480055.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.33777688.9846.12506.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-04 14:34:06 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
22 of 31 (70.97%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=s2sfvjvrcm2hkrahvu2im5iel7elhdxeemaldqnbreg3kkgfksca._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 96a45aa6b11334754407ad348675045fc8b38ee42300b1c1a1890db528c55484

(this sample)

FormBook

Executable exe 5a67dee45b2e60de47e22739c8be8614f31cdb4acbaf554f37d06ea41ddd8762

  
Dropping
MD5 c3b570985ebb19c8b6fefc9fdaf74760
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5a67dee45b2e60de47e22739c8be8614f31cdb4acbaf554f37d06ea41ddd8762

Comments