MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c223fceadad4fc1006603457f45f17e0f475d62e32b45ce0d6a35ac034e77360. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c223fceadad4fc1006603457f45f17e0f475d62e32b45ce0d6a35ac034e77360
SHA3-384 hash: 4917a27f816bdfef7d3824b064ec73815f40d56505b7a28a32ddd4d138f4f7e913afacb3915058976e9e47b9d28a9f08
SHA1 hash: e14a1a1ee56b6f397dae6901050cb0d96a1bc09e
MD5 hash: 2fe4347f89058cda351f66bfbe617ff4
humanhash: beryllium-happy-fifteen-dakota
File name:RFQ-MNAMR-001RB-WhastsAAp Images.rar
Download: download sample
Signature FormBook
Create hunting rule
File size:333'867 bytes
First seen:2020-05-07 06:51:43 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:u5TBPu1UXK4QC5dfmNcg0NbqJshOYVtlyY2o9SjZ8/7hU6y4dTmGa7fd7lM:SPsUa4QC51kdeqO2ooEa67bKla
TLSH 896423EA61FF9DAAC00D11F45C275A2877ECD4DFEF668C92B6CE500D479060C24EB962
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: ns1.rswoodeny.pw
Sending IP: 173.82.94.231
From: info-rswoodeny.pw <info@rswoodeny.pw>
Subject: FW: [TA2019] URGENT: Request for Quotation:\x0a MRCSB-T19-All-010-MNAMR-001RB
Attachment: RFQ-MNAMR-001RB-WhastsAAp Images.rar (contains "RFQ-MNAMR-001RB-WhastsAAp Images.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-07 12:25:14 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
17 of 48 (35.42%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=yir7z2w22t6babtagrl7ixyx4d2hlvrogk2fzygwunnmanhhonqa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar c223fceadad4fc1006603457f45f17e0f475d62e32b45ce0d6a35ac034e77360

(this sample)

FormBook

Executable exe aae9b362789cdf8a185d9b963cb3b0ba5d7f5599285cecd8625944168232c42c

  
Dropping
MD5 239efcf744fc1e906b704d4eebe4a962
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 aae9b362789cdf8a185d9b963cb3b0ba5d7f5599285cecd8625944168232c42c

Comments