MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a14b0ace569280573dd7d900591897e4613914456187a9d5e99fdb8c4d8860ed. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: a14b0ace569280573dd7d900591897e4613914456187a9d5e99fdb8c4d8860ed
SHA3-384 hash: 480cf3c80d0e5d46ee76628a1c1ddef948747d5fd330377b7fa75b3bf9760607734d110ed8a1fbab8880290d115c9b00
SHA1 hash: 04b17894aed43aa88476b8be9cbc6eb5b50a91d5
MD5 hash: 1fa925a276ecd363de8fa869c9281bf6
humanhash: eleven-alabama-moon-jersey
File name: DHL Shipment Notification Status AWB811470484778.zip
Signature: FormBook
File size: 287'991 bytes
First seen: 2020-07-06 15:10:53 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:mxO2wEmrri6ZvbWskV3nFlVFE315/gLOoMgiVrN6+8kxZzj2aof9P:mxOUmr/ZkV3nFlVQNMMg/TkzNox
TLSH: EF54239CFB90DC9FFD0DA09D80F9949D4A49636FD931B6F2E062A4487619177F70A00A
Reporter: abuse_ch
Tags: DHL FormBook zip


abuse_ch
Malspam distributing FormBook:

HELO: dhl.com
Sending IP: 45.143.222.143
From: DHL INTERNATIONAL <no-reply@dhl.com>
Subject: DHL Shipment Arrival Notification redacted@threatwave.com
Attachment: DHL Shipment Notification Status AWB811470484778.zip (contains "DHL Shipment Notification Status AWB811470484778.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 82
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-07-06 15:12:08 UTC
AV detection: 33 of 48 (68.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip a14b0ace569280573dd7d900591897e4613914456187a9d5e99fdb8c4d8860ed

(this sample)

  
Dropping: FormBook
Delivery method: Distributed via e-mail attachment

Comments