MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b0e116de1777dbc7764e58bbc7f19ed9dc7413f6d1a8275dc163ba3510a9b9f5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b0e116de1777dbc7764e58bbc7f19ed9dc7413f6d1a8275dc163ba3510a9b9f5
SHA3-384 hash: 249fce77c627ba46a29faf5d9f1f4b5d2b9ea281fd79be479148d0b134a7e63fef2bc48fc72ac1fa64c2049cc86656f1
SHA1 hash: 3f2267dfda0610835fbff48fcf48196356a3f161
MD5 hash: 33707848ef166af512721328c6df7a15
humanhash: uncle-oxygen-foxtrot-table
File name:purchase order 4000055885.rar
Download: download sample
Signature FormBook
Create hunting rule
File size:226'253 bytes
First seen:2020-05-19 04:56:46 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 3072:duRinxwf2w9hy2oQnRUSXwZWRrgoh3l9bD/6V9ITuUda+iUiZVK8PpReQl:4RKwVHpUSQW133vb6VIdBX8PpsQl
TLSH 392423A6E0BFBC25CE3D1447E8D2D9A11CAC4F84DDD57B82A7168BDF29A31C9081670D
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: 3sapparel.co
Sending IP: 111.90.140.230
From: INK Hippo Services Labuan <inkhlppo@gmail.com>
Reply-To: patbonnantakui@gmail.com
Subject: ENQUIRY
Attachment: purchase order 4000055885.rar (contains "purchase order 4000055885.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-19 05:36:05 UTC
File Type:
Binary (Archive)
Extracted files:
47
AV detection:
21 of 48 (43.75%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wdqrnxqxo7n4o5solc54p4m63hohie7w2gucoxobmo5dkefjxh2q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar b0e116de1777dbc7764e58bbc7f19ed9dc7413f6d1a8275dc163ba3510a9b9f5

(this sample)

FormBook

Executable exe d34d8c49cd2a0b39fb3fc65ce6d5111611efc97e6a80a1f2a34853695b8a3221

  
Dropping
MD5 b85f9420c4c7abaa826963d0150eb163
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d34d8c49cd2a0b39fb3fc65ce6d5111611efc97e6a80a1f2a34853695b8a3221

Comments