MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a89e19a2f1fdf66ff1fb5d7d8b4907baf02edfd62fde250360b78e10010ab14d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a89e19a2f1fdf66ff1fb5d7d8b4907baf02edfd62fde250360b78e10010ab14d
SHA3-384 hash: 5480d8a7b2b0f767590751bace51d1842bdb62319c3c0f680dee9f3e2a50ec46df9600055e990aa91f498ee3a589dc26
SHA1 hash: 9f8caa8e4848b630cdc5f000e4e42b34cb310e89
MD5 hash: 8b04bc0e2fe4c5fcb4f115113ca71358
humanhash: blue-golf-ack-sad
File name:DHL STATMENT OF ACCOUNT.zip
Download: download sample
Signature FormBook
Create hunting rule
File size:318'745 bytes
First seen:2020-07-05 07:05:01 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:+rEsrbujYt2iI82y1XcXKWJvVd5nTQp/34u9k46F5MqU3dQFdO+Qa/:+/ryAv1XcP9dJ6v4u9m5OdQFXQa/
TLSH 836423685F2BD8D68627B91A7898F38F40360DE5F47B75CCBD096C9A4CB38C9050176B
Reporter abuse_ch
Tags:DHL FormBook zip


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: dhl.com
Sending IP: 37.49.224.208
From: DHL Express<no-reply@dhl.com>
Subject: RE: DHL OVERDUE NOTICE - 1300003150 sadf.com
Attachment: DHL STATMENT OF ACCOUNT.zip (contains "DHL STATMENT OF ACCOUNT.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Generic-EXE.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a89e19a2f1fdf66ff1fb5d7d8b4907baf02edfd62fde250360b78e10010ab14d/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-05 07:06:06 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vcpbtixr7x3g74p3lv6ywsihxlyc5x6wf7pcka3aw6hbaaikwfgq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip a89e19a2f1fdf66ff1fb5d7d8b4907baf02edfd62fde250360b78e10010ab14d

(this sample)

FormBook

Executable exe 635411fb8a81c1232977130d52f6643995799475f35d4d3ecf2c0b74c307c876

  
Dropping
MD5 c2646a3e02e443741195e634a1f5a47d
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 635411fb8a81c1232977130d52f6643995799475f35d4d3ecf2c0b74c307c876

Comments