MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d9a38745c4d024256e164104585905502d41a695b93bee4e0dd19111e219e31b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook

Vendor detections: 3


SHA256 hash: d9a38745c4d024256e164104585905502d41a695b93bee4e0dd19111e219e31b
SHA3-384 hash: 8cf1835008e923ab85164adbc856410991e371cbc39873f16232c5dd5df4b0e6006508184ea1f45c7e1fa986643af05e
SHA1 hash: 86ced6697c5bff78953c609d047248a6d3a2a73d
MD5 hash: a3abf20bad043e66395aa3354b9d2eee
humanhash: pasta-jersey-louisiana-hotel
File name: Documents.zip
Signature: FormBook
File size: 267'130 bytes
First seen: 2020-06-06 09:26:13 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:Prebou7IZ/e85y2QC/rBvS3Li+mqXqtAuavLU1fzGmZIe13+xLp+:jW74+2Q+RQ+HvHoLUZCiIe1Ox1+
TLSH: 854423CC50F172961BD5F6288E0E72986E4BB19E68CA33B5F6F7D5C063D2848C4A017D
Reporter: abuse_ch
Tags: FormBook zip


abuse_ch
Malspam distributing FormBook:

HELO: westbrook-interiors.com
Sending IP: 92.118.190.233
From: Dezilee Lemon<info@westbrook-interiors.com>
Reply-To: info@westbrooks-interiors.com
Subject: Urgent Inquiry
Attachment: Documents.zip (contains "Documents.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-06 09:28:05 UTC
AV detection: 20 of 48 (41.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  FormBook
    zip d9a38745c4d024256e164104585905502d41a695b93bee4e0dd19111e219e31b (this sample)
      Dropping FormBook

Delivery method: Distributed via e-mail attachment

Comments