MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d1d1862256177598bc2d10a2f6a694726204066eb6ad7f827cc59eef105e21e8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: d1d1862256177598bc2d10a2f6a694726204066eb6ad7f827cc59eef105e21e8
SHA3-384 hash: 1be5e83655b87e067af2b8f9b520beb0510efce9f3f4d103a633b72e50682a4ff7034763a9d6ac068a7b08d963c4e846
SHA1 hash: 7f798fbbafa50afa843c4c6510207b0e4ddf23df
MD5 hash: beb5ec46be280dabfe0b6a4034ebfb73
humanhash: arizona-muppet-uranus-freddie
File name: INV20201607PO0093.img
Signature: FormBook
File size: 534'528 bytes
First seen: 2020-07-16 10:39:51 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:hlJPth2k4zUlVHvM8Yr/WVFDR7ZkHf4lzi3rA+nO8z:PJ1N1vLVkAl
TLSH: E8B47BCC3510719EC85F8C768964DD30A6202C66F7FBE20263C76E9F7A3D596DE052A2
Reporter: abuse_ch
Tags: COVID-19 FormBook img


abuse_ch
Malspam distributing FormBook:

HELO: vps.salvus.co.id
Sending IP: 103.247.11.44
From: Samuel Karow <info@meritideas.com>
Reply-To: info@dennisbearman.com
Subject: Re: COVID -19 Urgent Order Request
Attachment: INV20201607PO0093.img (contains "INV20201607PO0093.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 94
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-07-16 10:41:07 UTC
AV detection: 13 of 28 (46.43%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

img d1d1862256177598bc2d10a2f6a694726204066eb6ad7f827cc59eef105e21e8 (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
