MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9ff01fcffc4401b112f545bcd8c1b6daca0991eb5e4de222334b7514fbf6d6aa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 2



SHA256 hash: 9ff01fcffc4401b112f545bcd8c1b6daca0991eb5e4de222334b7514fbf6d6aa
SHA3-384 hash: 6d316a52dc53b476bbbaa8bf75486099acd86bfab16e5c6ab938d3aa98da2d90442b689ad0c7af3b618d12bc9c0393df
SHA1 hash: a55af71b2c9d59082806afe20a6d50c571085761
MD5 hash: b856bb3109491b5d8e6d1f6291067493
humanhash: quiet-johnny-jig-item
File name: TT copy.gz
Signature: FormBook
File size: 300'762 bytes
First seen: 2020-05-27 06:37:46 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 6144:j8PZ1rjkY9yMwulet+DlX3ij44wkLA9f3bGLpk/RRwq8jAp/PdM:jETrjyMvet+DlX3vk89fCCJCENM
TLSH: E354128467CD2520BD2BDC95DB05B37C72625ACCEAE3D87CB21F779975280121782ECA
Reporter: abuse_ch
Tags: FormBook gz HSBC


abuse_ch
Malspam distributing FormBook:

HELO: nugraha.pw
Sending IP: 198.148.118.237
From: HSBC <info@nugraha.pw>
Subject: TT COPY
Attachment: TT copy.gz (contains "TT copy.exe")

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 64
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-27 07:17:14 UTC
File Type: Binary (Archive)
Extracted files: 8
AV detection: 15 of 30 (50.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

gz 9ff01fcffc4401b112f545bcd8c1b6daca0991eb5e4de222334b7514fbf6d6aa

(this sample)

  
Dropping: FormBook
Delivery method: Distributed via e-mail attachment
