MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7e7e37a5af18b4dbb1bea9842c0295c965431baf2e0cd0d61e62f0bb278c79ac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7e7e37a5af18b4dbb1bea9842c0295c965431baf2e0cd0d61e62f0bb278c79ac
SHA3-384 hash: 77a193ecd92a9073224f6befb85a991b55013349e0153873d15480b9b94cba5f5276182a35ca2c045bc8551e1f23bf5f
SHA1 hash: d18f451e41f5a9816d567f1cdb9dd46d0684544d
MD5 hash: 3b932b5ad13171ff702c7c61e6292b62
humanhash: florida-friend-queen-floor
File name:Remittance copy.rar
Download: download sample
Signature Formbook
Create hunting rule
File size:819'399 bytes
First seen:2020-08-18 07:39:10 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:Tl7ZWtdvbnUWvryjg2KlSd3lXUzx+HJ/Kbzzte5xgF/kxJbObgi+0nh:zWtdvbnU4IjdV1HJSbzztcgF/kxJA5B
TLSH 94053320D8A17B182B9F570126DF17C5EEBD0CB81F2C1AF491F42F4F55A0D5249B4ACA
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: mail.environment.go.ke
Sending IP: 41.89.1.174
From: ADMIN <cas@environment.go.ke>
Subject: Balance Payment_Y/ref Invoice No. 309320_ EK
Attachment: Remittance copy.rar (contains "Remittance copy.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7e7e37a5af18b4dbb1bea9842c0295c965431baf2e0cd0d61e62f0bb278c79ac/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-08-17 22:36:00 UTC
AV detection:
18 of 28 (64.29%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pz7dpjnpdc2nxmn6vgccyauvzfsugg5pfygnbvq6mlylwj4mpgwa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar 7e7e37a5af18b4dbb1bea9842c0295c965431baf2e0cd0d61e62f0bb278c79ac

(this sample)

Formbook

Executable exe e2ff7c5e749d36ebfcc2a9d5af487369e454ef301a859eb8fc11ebe15ea73e34

  
Dropping
MD5 d9122108ec3cd7a570190d6add288526
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e2ff7c5e749d36ebfcc2a9d5af487369e454ef301a859eb8fc11ebe15ea73e34

Comments