MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d3893bb89d54a95cdc3fafe8f456ec57ca32854210c2e400422e1e496574529f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: d3893bb89d54a95cdc3fafe8f456ec57ca32854210c2e400422e1e496574529f
SHA3-384 hash: 3a29421229c3daf5ea29aae5ee74fa36005cf3fa250582f9f755bb20ec58cd612728ce25bbb1a8dabcedcde09cb656ab
SHA1 hash: 9b4b3cab9ca670a1d9397050b56cf1e21eb00aa3
MD5 hash: 1d2f1d46dc9792a7814a49ebc6a9ae50
humanhash: uncle-rugby-arkansas-uniform
File name: order.img
Signature: FormBook
File size: 569'344 bytes
First seen: 2020-07-16 07:16:12 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:aGOFz2k4zURlDIzrJzppRyjaz0Ug6Ki/6px:aGYzlsrJzpnL
TLSH: C2C46AFC3550718EC59E8D3689A4ED7066236C22F2FBD10663C76D9B763D786CB012A2
Reporter: abuse_ch
Tags: FormBook img


abuse_ch
Malspam distributing FormBook:

HELO: dekruco.com
Sending IP: 5.206.227.64
From: Andy Lili <sitesuporte@lookchemicals.com.br>
Subject: Fw:Re:Re: New order for shipment requirement
Attachment: order.img (contains "order.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 82
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-07-16 07:18:06 UTC
AV detection: 12 of 29 (41.38%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

img d3893bb89d54a95cdc3fafe8f456ec57ca32854210c2e400422e1e496574529f (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
