MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0025dd0c81142c4d22f609d32059709406269193830fdfc76d0530d98062c6c3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0025dd0c81142c4d22f609d32059709406269193830fdfc76d0530d98062c6c3
SHA3-384 hash: 7e505a4b23fbf657dfe7018ac67248ac2b531a54fda069c6f6fa9b2905bab69050eabc847620dd0c911ae694243ec07a
SHA1 hash: 6d4bbed8a6475c6fe26ef094b96dc3b13900d342
MD5 hash: 122ce70f3193477ac2533c56f09a1012
humanhash: ack-moon-queen-iowa
File name:PO KH-TECH.zip
Download: download sample
Signature FormBook
Create hunting rule
File size:321'540 bytes
First seen:2020-05-26 10:02:33 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:64oZYeyWDXsT2CqKOaCbCU7EHVTy9XsWedc8UXx47G8S9oHvaA:63ieRrsT2CyaCbXQTEcddc8Ui7G/GHvx
TLSH 5364234B832A83E8A2FE67E6385CD275093A093E97252DD732CAD55118FA4B0F5D0D37
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: yisun.co
Sending IP: 111.90.159.196
From: Peter Kim <export@khoto-kr>
Subject: PO KH-TECH CO., LTD
Attachment: PO KH-TECH.zip (contains "PO KH-TECH.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.23627.ZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 10:36:35 UTC
File Type:
Binary (Archive)
Extracted files:
14
AV detection:
28 of 47 (59.57%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 0025dd0c81142c4d22f609d32059709406269193830fdfc76d0530d98062c6c3

(this sample)

FormBook

Executable exe 66812d316b85e20248c4af1f141a372ec1e434d951f7c6fc51402ab23da87845

  
Dropping
MD5 cec3c5e9ed6457abf83f3650bab34a0d
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 66812d316b85e20248c4af1f141a372ec1e434d951f7c6fc51402ab23da87845

Comments