MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b13f0477dc1fa39cf53bb31ea61dc7068e57135953283538cb16155703d6c609. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: b13f0477dc1fa39cf53bb31ea61dc7068e57135953283538cb16155703d6c609
SHA3-384 hash: 7aa24bd8bf908ab333d895904c94e068c0cd54dc34484a13079f5e2b059af951a5bcee0b920dd054e9b9fa8a4745d0bf
SHA1 hash: 75083c96ed2cfcc7e6eb335ac7d0dd7f5e2bfcd0
MD5 hash: fd8dd42ea9367a5baec9cceb9b3475c7
humanhash: alabama-bluebird-uncle-maryland
File name: PO.543298.img.rar
Signature: FormBook
File size: 358'120 bytes
First seen: 2020-06-03 07:46:34 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:SQcoy7o8Hdd2XKxyd59P/3lvD1twmWuri2DDGg5TaJ2h/hmZrIBeV:ks8rqlvD1tnzDC1Y/hmBwW
TLSH: CB7423C02ED495F0A28AC0956F5F9306F53E12498B9D0817EBCF56E1CFDC588AB329D6
Reporter: abuse_ch
Tags: ESP FormBook geo Outlook rar


abuse_ch
Malspam distributing FormBook:

HELO: EUR06-VI1-obe.outbound.protection.outlook.com
Sending IP: 40.92.17.98
From: Eric Quispe Ruiz <denis_quispe2@hotmail.com>
Subject: Estamos interesados ​​en su producto-Solicitud de precio y plazo de entrega
Attachment: PO.543298.img.rar (contains "mgkreERjvr7XiMz.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Genkryptik
Status: Malicious
First seen: 2020-06-04 00:29:00 UTC
AV detection: 13 of 31 (41.94%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar b13f0477dc1fa39cf53bb31ea61dc7068e57135953283538cb16155703d6c609 (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
