MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6a4480f8b28cc03dd17ca01eb614f6e0979b666bdf232d5f952daebf968d40a4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 6a4480f8b28cc03dd17ca01eb614f6e0979b666bdf232d5f952daebf968d40a4
SHA3-384 hash: 2b843a6c7646e50f510dac3b047b0e7f9d49e6192ce59480ef32e6d6cb4d12dd5b5d5f4c766d6663d59852aeed2e3209
SHA1 hash: 007f80b0b610a3764410cdbafab914f3a10ff452
MD5 hash: 1c71cfeafea353b7129770c0ae8d01e9
humanhash: muppet-oregon-mobile-green
File name: SMT20200616.img
Signature: FormBook
File size: 372'736 bytes
First seen: 2020-06-16 11:35:13 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 6144:kn7X5LK4TU1QVRgzCLZClqpycn18qdfkR/TwE4GB/DxYtMzD/1:kn7k4TUs11Clql1BfkFk4NE+D/1
TLSH: E584011DB79C6726DA7D02BE84F1252503F4A9926123F70A7DC434BE2EA37F40613A57
Reporter: abuse_ch
Tags: FormBook img


abuse_ch
Malspam distributing FormBook:

HELO: mail0.198.dinogretchimv.store
Sending IP: 159.89.160.185
From: sales@neileshcorp.solutoins
Subject: ADNOC RFQ 97571784 - Products Supplies Needed
Attachment: SMT20200616.img (contains "SMT20200616.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-06-16 11:37:04 UTC
AV detection: 18 of 31 (58.06%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

img 6a4480f8b28cc03dd17ca01eb614f6e0979b666bdf232d5f952daebf968d40a4 (this sample)

  
Dropping: FormBook
Delivery method: Distributed via e-mail attachment
