MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 57fcae111e84f296b2253ba7dc1b3e50f71022ab50e89845fcbb28e63d92be85. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 57fcae111e84f296b2253ba7dc1b3e50f71022ab50e89845fcbb28e63d92be85
SHA3-384 hash: 3e568f27a8df15af4ad34741f0665f3dfffb8ede6f4fd480b3c9aecfcd219ffb6fe89ef5e427d8fee4e3ee7651edf78d
SHA1 hash: e8a0c7009b4d3b73b3a744c497b6a4385eeb2037
MD5 hash: 6d3dacc067628c9686ff6da8e00df27d
humanhash: vegan-ohio-asparagus-butter
File name: RFQ_EDM202011.rar
Signature: FormBook
File size: 446'993 bytes
First seen: 2020-07-09 08:41:34 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:1FcBAZ6xIoh/d/yqxRnG6k84exRREPTTsu4k1mJd7Cf:1FcBAZ6xJdqqjUDm6PTTsu4Hd70
TLSH: 4F9423F9266782C416B8B83B68F0548D7796396261F1593DA1CFF8E242C43B0F9F4A5C
Reporter: abuse_ch
Tags: FormBook rar


abuse_ch
Malspam distributing FormBook:

HELO: dlveltex.co
Sending IP: 111.90.145.49
From: Mark <dlveltex.co@dlveltex.co>
Subject: copy of quotation for your reference.
Attachment: RFQ_EDM202011.rar (contains "RFQ_EDM202011.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 70
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-07-09 08:43:05 UTC
AV detection: 14 of 29 (48.28%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 57fcae111e84f296b2253ba7dc1b3e50f71022ab50e89845fcbb28e63d92be85 (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
