MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b0fe90c8b53a2e92bbfb3addc20faf8f878bb2d89377c9451bdceecf517b5b9a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b0fe90c8b53a2e92bbfb3addc20faf8f878bb2d89377c9451bdceecf517b5b9a
SHA3-384 hash: f95684e99daad196fe26df0f831d41358e1f2e1aaf26357a9a93adc04bdfbc4df2bba22c4b3f625509d3f2d48480d349
SHA1 hash: 33e31362ba03896123e6eafdc089bef7182e0b76
MD5 hash: 8e1b5a476854207f836de3ebcc56e9d3
humanhash: charlie-florida-autumn-august
File name:RFQ.29.04.2020.rar
Download: download sample
Signature Formbook
Create hunting rule
File size:271'891 bytes
First seen:2020-04-29 18:35:26 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:ZNmBqvKxvTqmVhKLvALE/0+j4G0UO1h2l9ygveVvXCrBDHvu:eQv0jh+aGjY2w2HW
TLSH BF442237CA6D15062BB19AD8F9F9927639E6D322384EE10DF5B7038213B115A37C8CA1
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: smtp.safemail.it
Sending IP: 147.123.1.124
From: Sales Manager Mr Yuzh <yuzhengxi@xinjinquan.cn>
Reply-To: 042w0w@gmail.com
Subject: products List
Attachment: RFQ.29.04.2020.rar (contains "RFQ.29.04.2020.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-04-29 11:10:56 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
16 of 31 (51.61%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wd7jbsfvhixjfo73hlo4ed5pr6dyxmwysn34sri33txm6ul3lona._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar b0fe90c8b53a2e92bbfb3addc20faf8f878bb2d89377c9451bdceecf517b5b9a

(this sample)

Formbook

Executable exe ed5b523a7b1d55effd77366e3b4e2ab0eb376746e2c86e1cff992d08540c4b5d

  
Dropping
MD5 6b4933fb5f424c07b533afb091c78538
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ed5b523a7b1d55effd77366e3b4e2ab0eb376746e2c86e1cff992d08540c4b5d

Comments