MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b864e36933737d4dfda98387deff03cf5113efbdff664630518697f479c18052. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b864e36933737d4dfda98387deff03cf5113efbdff664630518697f479c18052
SHA3-384 hash: 6d081f8bd7564bc57e5e01970c886b5dc03c33893e92695336c19354deacb977da951a898e51ba5a261b848a12df7bad
SHA1 hash: b4791149b3632e4fe71d9e0581a643cf289923e9
MD5 hash: fe59c0268992a6cb4ffac2bd5dac91ee
humanhash: chicken-rugby-zulu-thirteen
File name:Attached new order,.rar
Download: download sample
Signature FormBook
Create hunting rule
File size:232'159 bytes
First seen:2020-07-02 07:54:02 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:ApYm3p1XFJ599wtUe2lNvWVB4fQ7/boaAUXK7NrEDkGnZujgHxIXHm:By1Xr57o2lNvWwfQDbOUXEN4DkA8jgH9
TLSH AF34239BD0B19A018C91EFF92FC11725E8BB252443FC6E18452DD6777902CBF08997E9
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: mout.gmx.com
Sending IP: 74.208.4.200
From: Agustí Via <agusti@arcticmail.com>
Subject: Re: Re: Attached new order
Attachment: Attached new order,.rar (contains "Attached new order,.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b864e36933737d4dfda98387deff03cf5113efbdff664630518697f479c18052/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-02 07:55:04 UTC
AV detection:
18 of 29 (62.07%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xbsog2jton6u37njqod557ydz5irh35575temmcrq2l7i6obqbja._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar b864e36933737d4dfda98387deff03cf5113efbdff664630518697f479c18052

(this sample)

FormBook

Executable exe 7b1f38ea00893691f1f2026c920e6755595e38c79fb43db6136ab8dee695455f

  
Dropping
MD5 ae4f96004fa7189b83476505c1241971
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7b1f38ea00893691f1f2026c920e6755595e38c79fb43db6136ab8dee695455f

Comments