MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6bf640f6f53ffd42c42daad272a2149a2fe10476bfc4c80ed74799732939401d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 6bf640f6f53ffd42c42daad272a2149a2fe10476bfc4c80ed74799732939401d
SHA3-384 hash: e54c59353330c4fa49e452db15fe540dc212a6170dc9f926e5c75215aa592439cac3587d8f3d6be1599915844bd2ee51
SHA1 hash: 62f37efa3b7a42bbcd69b9743ecda872a0ba20f3
MD5 hash: 625d9e47c757fe6ae202f08a753aa412
humanhash: hot-south-alabama-earth
File name: NEW ORDER.z
Signature: FormBook
File size: 241'447 bytes
First seen: 2020-07-02 06:58:01 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 6144:4KuWLvBea1s9m+NSX2ADgE18zqzuNhdwPdFla:FXDBea1qtTADgE18lhdwPdFla
TLSH: 7834236E42B004FE7E398FE55EAA360BD21B2E51D6DC3E4F43176C8B10BA4B20652F55
Reporter: abuse_ch
Tags: FormBook, z


abuse_ch
Malspam distributing FormBook:

HELO: gateway.intranet.loc
Sending IP: 109.190.135.180
From: Mr. Yan <jpm@intranet.loc>
Reply-To: info@realservtech.live
Subject: NEW ORDER 01/07/2020
Attachment: NEW ORDER.z (contains "NEW ORDER.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 81
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-07-02 06:59:08 UTC
AV detection: 16 of 27 (59.26%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
FormBook
z 6bf640f6f53ffd42c42daad272a2149a2fe10476bfc4c80ed74799732939401d (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
