MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 948e0acfa084f97be864d2d03bc72d1996ab17f1ef7aec5f9f64eef1f498adae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 948e0acfa084f97be864d2d03bc72d1996ab17f1ef7aec5f9f64eef1f498adae
SHA3-384 hash: a31b48a4b25010e05d7cc6faf137f37f67c7f82340a2375267afc467b745db1b9359682ceb8f6ea968d3eccc0b5cae0f
SHA1 hash: d298e90f1eb91bafeb4e6948b844f77a7aad5a0f
MD5 hash: 01463bce11a2fb41cc48f62f01ca04ad
humanhash: lima-fish-yellow-minnesota
File name:Quotation - 8 x E8.gz
Download: download sample
Signature FormBook
Create hunting rule
File size:606'138 bytes
First seen:2020-07-21 06:34:17 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:hSCcJF2IHlH6G2R8u1mDhKcZGoRBjJ8zxUEOMQ7gsFTyjBUiVfwEZ4Adn54XulX:8CcJF20h6Nyu1m9KYGk9GxUj77FTyjC8
TLSH FAD42381EA0EE22ABE4C77587ADE1554363BD08E4E7F14DEF2B0D6F4368789E6521043
Reporter abuse_ch
Tags:FormBook gz


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: mail.srv18.aysima.net
Sending IP: 5.250.243.246
From: Deurov Melor <deurov.melor@gmail.com>
Reply-To: Deurov Melor <deurov.melor@gmail.com>
Subject: Current Project
Attachment: Quotation - 8 x E8.gz (contains "Quotation - 8 x E8.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/948e0acfa084f97be864d2d03bc72d1996ab17f1ef7aec5f9f64eef1f498adae/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-21 06:36:07 UTC
AV detection:
26 of 48 (54.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=sshavt5aqt4xx2de2lidxrzndglkwf7r555oyx47mtxpd5eyvwxa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/948e0acfa084f97be864d2d03bc72d1996ab17f1ef7aec5f9f64eef1f498adae

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 948e0acfa084f97be864d2d03bc72d1996ab17f1ef7aec5f9f64eef1f498adae

(this sample)

FormBook

Executable exe b1d72f54b46528f1dd2265231ea91a8dcc2a4461dc897e1f7bd8d5e915f189f2

  
Dropping
MD5 659e8ae340e34797dff706eb709cff1c
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b1d72f54b46528f1dd2265231ea91a8dcc2a4461dc897e1f7bd8d5e915f189f2

Comments