MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c0bd3b0e990627fadafe17c735b0a79bc94bfc7d5e1ee9eee801676d32b81069. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: c0bd3b0e990627fadafe17c735b0a79bc94bfc7d5e1ee9eee801676d32b81069
SHA3-384 hash: fb484a5993014130d300f714b33c993a67fd166992c2d51d2edf6bd933da08c0bd267a78f39e83f94cb8465c50d291c9
SHA1 hash: 3aef654da927bec29ac1843eb950b9d616984e45
MD5 hash: 8c46d17b838ee8f32ed0ca8052404d00
humanhash: artist-fourteen-fillet-bacon
File name: Remittance copy.rar
Signature: FormBook
File size: 458'846 bytes
First seen: 2020-08-13 05:52:54 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:FKihqwCY+K+nPa9zO6hJelclVdmFN39CqmoU:FKiiY0PAzFH6cjkFNIqpU
TLSH: 1AA423B2D340177AA5F7E2E738013656D8130BFA28DA35906A295D33FE4D622D3478DE
Reporter: abuse_ch
Tags: FormBook rar


abuse_ch
Malspam distributing FormBook:

HELO: mail.environment.go.ke
Sending IP: 41.89.1.174
From: ADMIN <cas@environment.go.ke>
Subject: Balance Payment_Y/ref Invoice No. 309320_ EK
Attachment: Remittance copy.rar (contains "Remittance copy.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-08-13 05:54:08 UTC
AV detection: 18 of 48 (37.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar c0bd3b0e990627fadafe17c735b0a79bc94bfc7d5e1ee9eee801676d32b81069

(this sample)

  
Dropping: FormBook
Delivery method: Distributed via e-mail attachment
