MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 932da068956462782cd56d4df53800e87a237d9215db1e13ce5cc75a7c35f693. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 932da068956462782cd56d4df53800e87a237d9215db1e13ce5cc75a7c35f693
SHA3-384 hash: 770243286ee9fcd9487b98c281b73015d22eb85b4c54bcacf33785d9b93f49fbb4625cebb089664a7c6fb454208e668e
SHA1 hash: a729fd12c084bb44acf34e2ee1b094c4dcadbf09
MD5 hash: a62095ffe25ce0da675f0b119a25c558
humanhash: nitrogen-yankee-lake-cat
File name:BKG339LN2035492.zip
Download: download sample
Signature FormBook
Create hunting rule
File size:428'441 bytes
First seen:2020-08-31 09:17:41 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:bQCPnA1V9Jj5nHjDgalDWdLmTIzYE77HteJqrcPbhh8UJrl9bP3RJ:0C/0V9JtnY7m94HtqTh1ldPT
TLSH 1B94238550A36322D970FFF585D7E5362193ABF56C80EDE1C82B71DE0AA080705A6DEE
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: hlag.com
Sending IP: 37.49.230.8
From: doc.dhl<doc.hk@hlag.com>
Subject: BL HLCL Sh#86365840 Doc#HLCUHKG2008AUCR5
Attachment: BKG339LN2035492.zip (contains "BKG#339LN2035492.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
125
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.W32.Trojan-7.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/932da068956462782cd56d4df53800e87a237d9215db1e13ce5cc75a7c35f693/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-08-31 03:14:07 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=smw2a2evmrrhqlgvnvg7koaa5b5cg7mscxnr4e6oltdvu7bv62jq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/932da068956462782cd56d4df53800e87a237d9215db1e13ce5cc75a7c35f693

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 932da068956462782cd56d4df53800e87a237d9215db1e13ce5cc75a7c35f693

(this sample)

FormBook

Executable exe da418cd645143899691fa8b036073aaa5320a1d6c855699494f4b9b2419fb12e

  
Dropping
MD5 f2dcb4795f829cd08f35793dde655dfc
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 da418cd645143899691fa8b036073aaa5320a1d6c855699494f4b9b2419fb12e

Comments