MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 529a281107d8197b9a48f1f5ee1732acf8ac5ba5a98dade73f404b160f41f47d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 529a281107d8197b9a48f1f5ee1732acf8ac5ba5a98dade73f404b160f41f47d
SHA3-384 hash: 7a3d4be17f9f5b2d83c3c576b24c45adaca243a74dfedbae70622734d7da83d19ebd5db53e5dd3d7c661a99860df83c2
SHA1 hash: 1e2e8b8413d6dcb6e8bbb65ccc3485a30e4c8d1a
MD5 hash: 9fba7bc28a4dcff831eb027d877a49dd
humanhash: four-pluto-shade-uncle
File name:purchase order from Arrow Electronics Components.rar
Download: download sample
Signature FormBook
Create hunting rule
File size:540'754 bytes
First seen:2020-06-15 05:39:32 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:lzmjlw8B7k0UeDBRzMdO4Azmjlw8B7k0UeDBRzMdO4O:6w8K03DpCw8K03Dpd
TLSH 41B4231D3BF02584B00EF0A71364C957FC7964B6A97DB76EE398984E69344A4C3F9838
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing FormBook:

From: "Liu Jianguo" <liujianguo.singapore@arrow.com>
Reply-To: "Liu Jianguo" <liujianguo.singapore@arrow.com>
Subject: FW: REQUEST FOR QUOTATION - Arrow Electronics Components
Attachment: purchase order from Arrow Electronics Components.rar (contains "tender document and the manufacturer authorization.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-06-15 05:41:06 UTC
AV detection:
19 of 31 (61.29%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=kkncqeih3amxxgsi6h264fzsvt4kyw5fvgg23zz7ibfrmd2b6r6q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 529a281107d8197b9a48f1f5ee1732acf8ac5ba5a98dade73f404b160f41f47d

(this sample)

FormBook

Executable exe e5bb61ce7666ce9c2fd0245cb13dbb8368d894a767041677c0749438154433fd

  
Dropping
MD5 eb6e9e60b6eec8e6f1dcfa6fca86ea17
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e5bb61ce7666ce9c2fd0245cb13dbb8368d894a767041677c0749438154433fd

Comments