MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 96f2917dee94ce4e3c599631b1103ae8997af793627356a15dbc9ec5595b7465. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 96f2917dee94ce4e3c599631b1103ae8997af793627356a15dbc9ec5595b7465
SHA3-384 hash: bcfae3711a3f8361b21cc465a1f040c84bb3c9f10febbafd06ee1385177f9a72819929bacb4ba4c0588dcd85e5878882
SHA1 hash: d4ce9b7f11a43c5cfc8204ecd2d62f243e28d712
MD5 hash: e185cc39dd557c42064472144b8d020c
humanhash: king-pluto-idaho-oven
File name:BL_ETA-208324A,XLS.rar
Download: download sample
Signature FormBook
Create hunting rule
File size:280'584 bytes
First seen:2020-05-13 16:35:56 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:+T02WQhK2ecb67ulTSWnES+owtGXMac6DR3BEyOmNL+KpbgeID:+TxWQQ2ecbbluS+1cct6zEy3LBb5ID
TLSH 235423BE0DEDB9DE0736483B9CD5E27E9E2F40AC769AD6AD250CC2610642490CDF194F
Reporter abuse_ch
Tags:FormBook Maersk rar


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: cathay-food.co
Sending IP: 111.90.140.123
From: Maersk Line. <tgpark@ms32.hinet.net>
Reply-To: tgpark@ms32.hinet.net
Subject: RE: FW: SHIPMENT ADVISE
Attachment: BL_ETA-208324A,XLS.rar (contains "BL_ETA-208324A,XLS.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 17:36:33 UTC
File Type:
Binary (Archive)
Extracted files:
18
AV detection:
15 of 31 (48.39%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=s3zjc7posthe4pczsyy3ceb25cmxv54tmjzvnik5xspmkwk3orsq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 96f2917dee94ce4e3c599631b1103ae8997af793627356a15dbc9ec5595b7465

(this sample)

FormBook

Executable exe 85505333febdea8ad7713419b8ee4aa5acec7ff62a5f0e3a3649ecc89be6a681

  
Dropping
MD5 d29e0553c451b37a0404291d4765f4d1
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 85505333febdea8ad7713419b8ee4aa5acec7ff62a5f0e3a3649ecc89be6a681

Comments