MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7f9ddd5ee15cad6dcd9a4b0327504856676258f0cdcf6af29596b1dcbf0a64f5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 7f9ddd5ee15cad6dcd9a4b0327504856676258f0cdcf6af29596b1dcbf0a64f5
SHA3-384 hash: 68e9db40de5980d4dbbca3ae1e43a1cb9932b4b8deb212e78cb00837efba94db9c4f9cbbf5c1eaaddaf51141c04d612e
SHA1 hash: c831b08809363a224aed52db35441b5260677ac5
MD5 hash: a454983301213648c0ad9321cd55b0e8
humanhash: burger-lamp-earth-florida
File name: PO-4093021.arj
Signature: FormBook
File size: 275'445 bytes
First seen: 2020-07-06 06:35:54 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 6144:tY88PJdf5vzLRgOu0Jzh1pG1OvP0A4AZ64:a8CyOt5hj3n0A4AZ64
TLSH: 3E44236184F31781354C6F819456E111C82F388FC76FB6B58E7ACF1E2620A9896EFD5C
Reporter: abuse_ch
Tags: arj FormBook


abuse_ch
Malspam distributing FormBook:

HELO: mail.opticalnetworks.xyz
Sending IP: 159.89.88.255
From: Joakim (MALIQUE CO LTD) <j.kim@malique.net>
Subject: Re: Purchase Order PO-4093021b
Attachment: PO-4093021.arj (contains "PO-4093021.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 54
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-07-06 06:37:10 UTC
AV detection: 14 of 29 (48.28%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

arj 7f9ddd5ee15cad6dcd9a4b0327504856676258f0cdcf6af29596b1dcbf0a64f5 (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
