MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e75254328d8e852f56ae4591792fb9f5b4a6caf977018bf4fefa03f8eced24c3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e75254328d8e852f56ae4591792fb9f5b4a6caf977018bf4fefa03f8eced24c3
SHA3-384 hash: 7eefe7ad91658615bdee6415703f46b15869c33cd2a738e4a194396f82b25636e444745e717e8820d6a2a90c144dba4d
SHA1 hash: b60b7f9c319fcca1509a5fda57d08e1ce6e3e873
MD5 hash: 0ca608b22a5054472d208257d99b08ec
humanhash: lion-early-cola-bluebird
File name:payment slip.ARJ
Download: download sample
Signature Formbook
Create hunting rule
File size:767'517 bytes
First seen:2020-08-05 09:30:27 UTC
Last seen:Never
File type: arj
MIME type:application/x-rar
ssdeep 12288:SAmIxMA7FGdyg2yDWYDaHsaR8D3awWCJrjkrQrQY6d0LMAh6NqKeHxFkeVIEcq+S:rmIxjMdWYDaMaR8D3awWCorQrQnd7/NO
TLSH 82F4331F722885137C712924B4DCAF6585A7FF6B79288D5B068349E6CF4EA5F8D07203
Reporter abuse_ch
Tags:arj Endurance FormBook


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: 162-241-204-248.unifiedlayer.com
Sending IP: 162.241.204.248
From: <sales@hinet.net>
Reply-To: roadtriip25@gmail.com
Subject: payment copy
Attachment: payment slip.ARJ (contains "payment slip.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e75254328d8e852f56ae4591792fb9f5b4a6caf977018bf4fefa03f8eced24c3/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-08-05 09:32:04 UTC
AV detection:
16 of 29 (55.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=45jfimunr2cs6vvoiwixsl5z6w2knsxzo4ayx5h67ib7r3hnetbq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/e75254328d8e852f56ae4591792fb9f5b4a6caf977018bf4fefa03f8eced24c3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

arj e75254328d8e852f56ae4591792fb9f5b4a6caf977018bf4fefa03f8eced24c3

(this sample)

Formbook

Executable exe 7654e7f6d4c0f38e9f771bf4c6d002b6e816d169afcabee3f028081a25b25506

  
Dropping
MD5 1290d6a3e3ac92e9f94bc01cf8aca1e0
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7654e7f6d4c0f38e9f771bf4c6d002b6e816d169afcabee3f028081a25b25506

Comments