MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b984060dd64503afadb059b7d588187b7564e3a886c70f42ea6adc44a6c6e7e4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: b984060dd64503afadb059b7d588187b7564e3a886c70f42ea6adc44a6c6e7e4
SHA3-384 hash: 0871b6493d546fb2a1c2f94f5bea83180a71135daa7654421da20fad866b567365c7260ac5dc440cff37d31db1e88e9e
SHA1 hash: c263719cfd434bfe891218a58a81e8494c9ce6ac
MD5 hash: f507f1bc31659197ed0f50d6e124c9b9
humanhash: arkansas-sodium-green-lithium
File name: PO737369HS.zip
Signature: FormBook
File size: 302'647 bytes
First seen: 2020-05-13 06:40:57 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:+pxJmg2zLT7GUSnWRlLTCmdzw7KXQ4Uz3ckYWL:+prmhTLDfTCqw7NokY6
TLSH: 0554235BA867F0F306FE86237CE2915180949D382CF954F5ADF5EC5AC029C34AC9A3D9
Reporter: abuse_ch
Tags: FormBook GMX zip


abuse_ch
Malspam distributing FormBook:

HELO: mout.gmx.com
Sending IP: 74.208.4.201
From: Jan Rapcewicz <hankbaum7@techie.com>
Subject: Re:U_R_G_ENT O_R-DER/ June/July Shipment
Attachment: PO737369HS.zip (contains "PO#737369HS.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 81
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-13 07:55:41 UTC
File Type: Binary (Archive)
Extracted files: 26
AV detection: 17 of 48 (35.42%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: FormBook
  zip b984060dd64503afadb059b7d588187b7564e3a886c70f42ea6adc44a6c6e7e4 (this sample)
  Dropping: FormBook
Delivery method: Distributed via e-mail attachment
