MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 40b3a17b86a1bd0559ebfe5a1027e8634b1b5347fb686175e1a54ef9858273ae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 2



SHA256 hash: 40b3a17b86a1bd0559ebfe5a1027e8634b1b5347fb686175e1a54ef9858273ae
SHA3-384 hash: 5d9598372b70b58425344d5c8e39143740a2f27810b16079789e6808a3aa8685f5fd22e05b4b8dd3fa132ecbb2fd38cb
SHA1 hash: f199ae1b6ba26b6557705dc19a33ba68d83187ee
MD5 hash: 92c9c38a6d41e9a41af6aa8357e195f4
humanhash: queen-oxygen-seventeen-cold
File name: POS_2020.rar
Signature: FormBook
File size: 268'057 bytes
First seen: 2020-05-25 08:38:13 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:E+gY/BWHcQXv6Q+pVW7jkUS9svQD2Ognq87:tgY/9g6lpVWbS9OQD2fqG
TLSH: 8E4423C58C7FA5EFD811F9E64440A8266F0FB55C0B8DC60CAA23BBF2A44A6FF5847015
Reporter: abuse_ch
Tags: FormBook rar


abuse_ch
Malspam distributing FormBook:

HELO: qualitech-solutions.cam
Sending IP: 111.90.140.145
From: William Noah <w.noah@qualitech-solutions.cam>
Subject: AW: OFFICIAL ORDER ACKNOWLEDGEMENT
Attachment: POS_2020.rar (contains "PO'S_2020.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Agensla
Status: Malicious
First seen: 2020-05-25 09:36:10 UTC
File Type: Binary (Archive)
Extracted files: 9
AV detection: 11 of 48 (22.92%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 40b3a17b86a1bd0559ebfe5a1027e8634b1b5347fb686175e1a54ef9858273ae (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
