MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7aa5288b828a60937b0be1fd780341351de54668aba33491047d7099c3b53d2c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7aa5288b828a60937b0be1fd780341351de54668aba33491047d7099c3b53d2c
SHA3-384 hash: 0da05819be3bc6313a9f0491284376564c5f302e17d943bb35a2f891cd9a26c3c75c787cf8d3397784cefc2216379403
SHA1 hash: 62da5879c10dc658a3da713dd620d1b424f55301
MD5 hash: 28bf771f63da1054c2aa15274bf6a7d5
humanhash: may-india-lithium-winter
File name:26.05.20.z
Download: download sample
Signature FormBook
Create hunting rule
File size:249'292 bytes
First seen:2020-05-26 11:15:10 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 6144:yqbinWNFAi1+exu+4GQzFFCP+aSwnztjWO5dru:HbaGFN1iCkFFCGonztnLu
TLSH AB34229E84407096A9C23DD73142E9B80519A7D6572F46A138CE752DABB36ABFCCC4C8
Reporter abuse_ch
Tags:FormBook z


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: host1-za.goredrobot.hosting
Sending IP: 41.203.30.126
From: info@parkc.co.za
Subject: re: Production Remit Review #2
Attachment: 26.05.20.z (contains "26.05.20.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 11:37:00 UTC
File Type:
Binary (Archive)
Extracted files:
21
AV detection:
11 of 48 (22.92%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

z 7aa5288b828a60937b0be1fd780341351de54668aba33491047d7099c3b53d2c

(this sample)

FormBook

Executable exe 14d8219f46423321040066a71c5871a52c322ebbbf2d8fe364affabcf4b13ca8

  
Dropping
MD5 13cb16e9b8713ba1de9a689d8d00cdb7
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 14d8219f46423321040066a71c5871a52c322ebbbf2d8fe364affabcf4b13ca8

Comments