MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a50864ac82f2721f30b3b5e3cb41840e368a759e5573fc83f601f5697780db60. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: a50864ac82f2721f30b3b5e3cb41840e368a759e5573fc83f601f5697780db60
SHA3-384 hash: 6439944c3a3fd970eacd13a81f2fc73aed26ae48f0aaea151387c49cfeb0c3def018ce8f505d28f14e273bc512f99ccd
SHA1 hash: 09fdd71baaf2ad25b75d6a608985854a5af865c6
MD5 hash: 862c6fa98e0d4e70f0ac8d8abd30f660
humanhash: leopard-stream-autumn-coffee
File name: Order NORM-761-0.rar
Signature: FormBook
File size: 235'494 bytes
First seen: 2020-05-21 07:14:17 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:Uo02ck+IlQxqDtEk2zwVGuH/yrIwpaCwhmrt:Uo06u+DUuH/Cszmrt
TLSH: A3342394BA43C247A1EEBAF0A47750BB707E858084AC69C63C51CE9F2437D4163D5EEE
Reporter: abuse_ch
Tags: FormBook rar


abuse_ch
Malspam distributing FormBook:

HELO: regular1.263xmail.com
Sending IP: 211.150.70.202
From: Munish Aggarwal <admin@yingshitech.com>
Subject: Purchase Order NORM-761-0
Attachment: Order NORM-761-0.rar (contains "Order NORM-761-0.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-21 07:36:01 UTC
AV detection: 17 of 30 (56.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar a50864ac82f2721f30b3b5e3cb41840e368a759e5573fc83f601f5697780db60 (this sample)
Dropping: FormBook
Delivery method: Distributed via e-mail attachment
