MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f01d9428ebec1c1c5fc1ef52f0d063333f2435ecdd1345eab5719bfae97ed896. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3


SHA256 hash: f01d9428ebec1c1c5fc1ef52f0d063333f2435ecdd1345eab5719bfae97ed896
SHA3-384 hash: 43da252b6dfd590c91a8fc076811757400f66793a6424ec1d1ca3b89b9372e78e4437f2239c9b22e180b131768c9d5a0
SHA1 hash: e72b19b4cd408ba366c10b2158415bcb50a065bb
MD5 hash: 9168b69ce49f05e2d0b091e170a3ce54
humanhash: green-georgia-oklahoma-london
File name: 8903-Dco2.rar
Signature: FormBook
File size: 345'748 bytes
First seen: 2020-06-12 06:52:34 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:t6GVD3DMPf3N2Dcoatgo59Bag1tZ4FKOChtWr5gz0Bi+nYakzgY5Mxr8UGtka:tDw12go05jnytC9yifhJV7
TLSH: D274230BC1DC2BE1329994FD3DF6196A9DF3FB101B0775A5112E05A99B93318BE408AF
Reporter: abuse_ch
Tags: FormBook rar Yahoo


abuse_ch
Malspam distributing FormBook:

HELO: sonic301-30.consmr.mail.ne1.yahoo.com
Sending IP: 66.163.184.199
From: abdul rehman memon <seyani_1234@yahoo.com>
Subject: FW: Payment Transfer
Attachment: 8903-Dco2.rar (contains "8903-Dco2.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-12 06:54:17 UTC
AV detection: 17 of 31 (54.84%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: FormBook
  rar f01d9428ebec1c1c5fc1ef52f0d063333f2435ecdd1345eab5719bfae97ed896 (this sample)
  Dropping: FormBook
Delivery method: Distributed via e-mail attachment

Comments