MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 471c2bddb5ae0d5439d8f6daf2ce16ea2fcc20a114fae4a82075b7c76433d11c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 471c2bddb5ae0d5439d8f6daf2ce16ea2fcc20a114fae4a82075b7c76433d11c
SHA3-384 hash: cb89257b486a38e087facba28e67bc58d53dea83400fce2663f0d551b0d765e6e330f6aa0555d63425111e1d09a572c0
SHA1 hash: 402561f86dc73f26a5e5ab9424b6f852d3e62c19
MD5 hash: 44deb1be9aef7d842e97af32f57efd46
humanhash: violet-august-saturn-salami
File name:doc56263736473648 PDF.iso
Download: download sample
Signature Formbook
Create hunting rule
File size:483'328 bytes
First seen:2020-07-01 16:07:41 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 6144:xMRJGMXO7KUvAjXAYAabyAI4AeLa8xThl+uNCo64DJ+5N8BsHedJWbq75AHSnAQB:xyqkW7TefWW7iHSTpDK8bLU6
TLSH 37A48DC076B68B52E9B647F70A72980047F6B87E253ED2584DCB60EB92A1F500F95F13
Reporter abuse_ch
Tags:FormBook HSBC iso


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: jupiterservices.info
Sending IP: 182.74.181.202
From: HSBC Advising Service <banerjee@garudapower.com>
Subject: Payment Advice - Advice Ref:[GHG526352363] / Priority payment / Customer
Attachment: doc56263736473648 PDF.iso (contains "doc56263736473648 PDF.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.WQF.16829.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/471c2bddb5ae0d5439d8f6daf2ce16ea2fcc20a114fae4a82075b7c76433d11c/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-01 16:09:05 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=i4ocxxnvvygviooy63npftqw5ix4yifbct5ojkbaow34ozbt2eoa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

iso 471c2bddb5ae0d5439d8f6daf2ce16ea2fcc20a114fae4a82075b7c76433d11c

(this sample)

Formbook

Executable exe cc02c528f1eccf6891f5c97815c5c97560ca1c92849e35669bf061cb55e6289b

  
Dropping
MD5 fd47ef87181d31ba882b90208ff24f98
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 cc02c528f1eccf6891f5c97815c5c97560ca1c92849e35669bf061cb55e6289b

Comments