MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 824bda42d58f5af8fc2315afb67e392665a249e81c9ab22feb64291519abf15f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 824bda42d58f5af8fc2315afb67e392665a249e81c9ab22feb64291519abf15f
SHA3-384 hash: 11fd83f9bcac6f1b3815fad7c5075d746d58068defb0b7fb5926909d2a96cf9b542df35acdf21b68a0953c9ac1bbaa4f
SHA1 hash: b139d21819de4bab0c5c9378663d98abbab80ed7
MD5 hash: fa12fb01cb11c0a950d7c4405c0d165f
humanhash: oven-potato-louisiana-pip
File name: PURCHASE ORDER.z
Signature: FormBook
File size: 292'092 bytes
First seen: 2020-07-01 17:11:17 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 6144:kxXhaeC0jnlwoWE/MAx1GjKnvT7/RZOC2mYCcIlmucPtqM:kxXUeFjlB9/M61GIREAflmucVR
TLSH: 75542346047AD9DCDEF90194B84079E7653CABE379DC77CB38B6B0888681F1B3899618
Reporter: abuse_ch
Tags: FormBook, z


abuse_ch
Malspam distributing FormBook:

From: "Aster Cen" <katc.ops2@atcglobalchina.com>
Reply-To: info@realservtech.live
Subject: ATTACHED NEW PURCHASE ORDER
Attachment: PURCHASE ORDER.z (contains "PURCHASE ORDER.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 83
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-07-01 17:13:04 UTC
AV detection: 17 of 29 (58.62%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

z 824bda42d58f5af8fc2315afb67e392665a249e81c9ab22feb64291519abf15f (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment

Comments