MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a1e1f20f6ceaa8d29aa7afd7b4da8cb4aee9571c539fb377aeeaa898b021fc74. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: a1e1f20f6ceaa8d29aa7afd7b4da8cb4aee9571c539fb377aeeaa898b021fc74
SHA3-384 hash: 2d8f91ee5dd536a9a11606c382084db3f538d2b0f872bfc058b404fcb60041acafed998b79655abdca07d64c1110d53c
SHA1 hash: 09ab981975d84c086a6ec10c06f462cbb7869e3c
MD5 hash: b6ff2d622f4fece142955a0b35bc11bc
humanhash: failed-beer-alpha-july
File name: RFQ20200603283 QUOTATION REQUIRED PDF.r00
Signature: FormBook
File size: 242'363 bytes
First seen: 2020-06-03 10:12:19 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 6144:aM4SWJdbOK+YAZfU1HfzjZajTWFZM2n1QpBGXroEokyYQ:B8dSWgfU1yCY21QyXcEo1F
TLSH: 0D342336236BE2582573DBD8CC36A63D98F9AFB746FA86C78714503471470A0B0D5E2A
Reporter: abuse_ch
Tags: FormBook r00


abuse_ch
Malspam distributing FormBook:

From: maurlce.clerc@yahoo.com
Subject: QUOTATION REQUIRED
Attachment: RFQ20200603283 QUOTATION REQUIRED PDF.r00 (contains "RFQ20200603283 QUOTATION REQUIRED PDF.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-03 10:36:39 UTC
File Type: Binary (Archive)
Extracted files: 11
AV detection: 15 of 31 (48.39%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

r00 a1e1f20f6ceaa8d29aa7afd7b4da8cb4aee9571c539fb377aeeaa898b021fc74 (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment

Comments