MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4e821c7b6ac4d01f579bfa788148df3d55415117a3bc2a3ad814a0685ab38326. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4e821c7b6ac4d01f579bfa788148df3d55415117a3bc2a3ad814a0685ab38326
SHA3-384 hash: 7de76fe01313ed70dbdc2404612b765fe2e0ee62988d3124022e317d4ab432710837e80ea3f9cf6c04515f8a68631482
SHA1 hash: 1ad83c6a567f0289996a4f41c436f5485eddc40a
MD5 hash: dab93d1e3ca6f8953c3abaae3a0ce7dd
humanhash: skylark-ink-high-fix
File name:new requests.zip
Download: download sample
Signature Formbook
Create hunting rule
File size:296'940 bytes
First seen:2020-07-16 07:13:51 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:dRwsWeAvEk90u6u2o/KCW7GL3GtAUjNzqv0c84kgw5YiMrMxZDww0OcIC+W:bg70uj5/Z3UAUjNztz4kbMwxVV0OcFH
TLSH 4B54234925CED48E6999EC71B84DBD0FBBD52726EA033B748BA03EA1058343CC39F655
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: server.megatroncorp.community
Sending IP: 162.241.205.158
From: Yousef Abdullah Al-Benyan <server@huttprimax.partners>
Reply-To: Yousef Abdullah Al-Benyan <Sabic.purchase1@consultant.com>
Subject: quotation//request
Attachment: new requests.zip (contains "new requests.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.CAP_HookExKeylogger.24871.18360.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4e821c7b6ac4d01f579bfa788148df3d55415117a3bc2a3ad814a0685ab38326/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-16 07:15:07 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=j2bby63kytib6v437j4icsg7hvkucuixuo6cuowycsqgqwvtqmta._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 4e821c7b6ac4d01f579bfa788148df3d55415117a3bc2a3ad814a0685ab38326

(this sample)

Formbook

Executable exe 16b59963cf5398fe9d50d18723bf7b78073a6fd4d1dfd3072b45b8852ead2d58

  
Dropping
MD5 29fcf3a3a5fe32151f236ea2e977d22f
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 16b59963cf5398fe9d50d18723bf7b78073a6fd4d1dfd3072b45b8852ead2d58

Comments