MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ac2793ce383523ab97126e94e6299e0ccbc47f2bec94f9f2f91bb69f1c4a6ede. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ac2793ce383523ab97126e94e6299e0ccbc47f2bec94f9f2f91bb69f1c4a6ede
SHA3-384 hash: 56fd9594a1443beab5603ada3111e23f8958c88377e8f8bc189d428df74c58f181ef38497698f799566d5be276c6c951
SHA1 hash: c828e39429e5c46c175b51207bbc4fbee91e8b28
MD5 hash: c0212209b524fc9b1d0ec23f7222079c
humanhash: georgia-carpet-cola-crazy
File name:Communication delays dev. packaging 0325037377.r00
Download: download sample
Signature FormBook
Create hunting rule
File size:585'785 bytes
First seen:2020-08-04 11:06:45 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 12288:uhlPlX0Cps52aIEpaWMEYIKl9w4CBBW23bbA4aHEnNHxwPljEkf54rr:uRlX0NcCasYIKb+BBd3b0bHcNRAfef
TLSH 15C42347BBD90204F38C4D8AF25050AB0EB5FD69791F214CC6ABFDBB94A08146DF94B6
Reporter abuse_ch
Tags:FormBook r00


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: brenntag.es
Sending IP: 103.133.106.216
From: nordeste@brenntag.es
Subject: Communication delays dev. packaging 0325037377
Attachment: Communication delays dev. packaging 0325037377.r00 (contains "Communication delays dev. packaging 0325037377.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ac2793ce383523ab97126e94e6299e0ccbc47f2bec94f9f2f91bb69f1c4a6ede/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-08-04 11:08:08 UTC
AV detection:
8 of 48 (16.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vqtzhtrygur2xfysn2komkm6btf4i7zl5skpt4xzdo3j6hckn3pa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/ac2793ce383523ab97126e94e6299e0ccbc47f2bec94f9f2f91bb69f1c4a6ede

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

r00 ac2793ce383523ab97126e94e6299e0ccbc47f2bec94f9f2f91bb69f1c4a6ede

(this sample)

FormBook

Executable exe 8fa9dd16bb791bea50566208c8b216acc3c41e5c65495f34c3dcf99c595fccc8

  
Dropping
MD5 518c0be4c7ebc6ec4929b6eceac36b9e
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8fa9dd16bb791bea50566208c8b216acc3c41e5c65495f34c3dcf99c595fccc8

Comments