MalwareBazaar Database

You are viewing the MalwareBazaar entry for SHA256 ea8ffb8bf7fd6362173685516a773c7bb3fc6d87f0f5b1038f86bf1c2413083e. MalwareBazaar tries to determine whether a submitted sample is malicious, but there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Formbook
Vendor detections: 3



SHA256 hash: ea8ffb8bf7fd6362173685516a773c7bb3fc6d87f0f5b1038f86bf1c2413083e
SHA3-384 hash: f1487e930b93855f302c3ffff8e36e872738b5fa779e6786f46277321ab5ad1e9a8d01e5696e3606abb76656ae414ba0
SHA1 hash: 9fe8765f9f54e12b6e5ddb17f8398efd1cc39f0a
MD5 hash: b3d552175043a7ad44d1fa8eeab313a7
humanhash: california-pip-batman-papa
File name: PO0620220.rar
Signature: Formbook
File size: 273,095 bytes
First seen: 2020-06-26 07:40:33 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:ohkFkv0ZxztjyBvkx7Xn78+H55Zcfk+pVXpnLVkz9X5XSk/hGHKWaBV3yY5M7s:ohkFvTFwvk1n78uL+DZ5SX5X9uuBVxyg
TLSH: 01442396E26BC7EF6EF038E69499C01B0039A1909287F5D72D98D6ADF11FF9C74180E4
Reporter: abuse_ch
Tags: FormBook rar
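Before analysing a copy of this sample, confirm that the file on disk is the one the record above describes. The following is an added example, not MalwareBazaar's own tooling: it recomputes the four cryptographic digests listed in the entry with Python's hashlib, compares them and the file size against the record, and checks for a RAR 4/RAR 5 signature. The byte string it runs on is constructed, so it deliberately reports mismatches against the real record, while the self-check against freshly computed digests passes. ssdeep and TLSH are left out because they need third-party libraries.

```python
"""Verify a downloaded sample against the MalwareBazaar record for PO0620220.rar.

Added example (not MalwareBazaar tooling). The sample bytes used in __main__
are CONSTRUCTED and will not match the record; that mismatch report is the point.
"""
import hashlib

# Digests and size copied from the MalwareBazaar entry above.
RECORD = {
    "sha256": "ea8ffb8bf7fd6362173685516a773c7bb3fc6d87f0f5b1038f86bf1c2413083e",
    "sha3_384": "f1487e930b93855f302c3ffff8e36e872738b5fa779e6786f46277321ab5ad1e9a8d01e5696e3606abb76656ae414ba0",
    "sha1": "9fe8765f9f54e12b6e5ddb17f8398efd1cc39f0a",
    "md5": "b3d552175043a7ad44d1fa8eeab313a7",
    "size": 273095,
}

# RAR archive signatures: RAR 4.x and RAR 5.x headers.
RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"


def compute_hashes(data: bytes) -> dict:
    """Return the same digest set MalwareBazaar publishes, plus the byte size."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "size": len(data),
    }


def is_rar(data: bytes) -> bool:
    """True if the bytes start with a RAR 4 or RAR 5 signature."""
    return data.startswith(RAR4_MAGIC) or data.startswith(RAR5_MAGIC)


def verify_sample(data: bytes, record: dict = RECORD) -> list:
    """Compare a blob against a record; return the list of fields that differ.

    An empty list means every listed digest and the size matched, so analysis
    notes can be tied to this SHA256 with confidence. A magic-byte check is
    added because the record says the file type is rar.
    """
    actual = compute_hashes(data)
    mismatches = []
    for field, expected in record.items():
        got = actual[field]
        if isinstance(expected, str):
            expected = expected.lower()
        if got != expected:
            mismatches.append(f"{field}: expected {expected}, got {got}")
    if not is_rar(data):
        mismatches.append("magic: file does not start with a RAR signature")
    return mismatches


def verify_file(path: str, record: dict = RECORD) -> list:
    """Read a sample from disk (e.g. after unpacking the download) and verify it."""
    with open(path, "rb") as fh:
        return verify_sample(fh.read(), record)


if __name__ == "__main__":
    # CONSTRUCTED stand-in: a RAR 5 header plus filler, not the real sample.
    fake = RAR5_MAGIC + b"\x00" * 64
    for line in verify_sample(fake):
        print("MISMATCH", line)
    # A blob checked against its own freshly computed digests passes cleanly.
    print("self-check:", verify_sample(fake, compute_hashes(fake)))
```

Run it with `verify_file("PO0620220.rar")` on the unpacked download; any non-empty result means you are not looking at the sample this entry describes.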


abuse_ch
Malspam distributing Formbook:

HELO: truserv8.kwikwap.co.za
Sending IP: 197.242.68.122
From: Edward Horton <production@rolop.co.za>
Reply-To: hiring@sunsetcliffsinvest.com
Subject: Purchase Order
Attachment: PO0620220.rar (contains "PO0620220.exe")
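The indicators in the report above are the kind of thing a mail-triage rule can catch before the archive is ever opened: the Reply-To domain differs from the From domain, the HELO name belongs to a third organisation, and the attachment is an archive carrying an executable. The following is an added example, not abuse_ch's or MalwareBazaar's code. The raw message it parses is constructed from the reported HELO, sending IP, From, Reply-To, Subject and attachment name; the Date, Message-ID, recipient and body are invented filler, and the archive member listing is passed in separately because it would come from an unpacker, not from the mail headers.

```python
"""Triage heuristics for the malspam indicators reported for PO0620220.rar.

Added example (not abuse_ch's or MalwareBazaar's code). Flags the three
patterns visible in the report: Reply-To/From domain mismatch, an unrelated
HELO name, and an archive attachment that contains an executable.
"""
import re
from email import message_from_string
from email.utils import parseaddr

ARCHIVE_EXTS = {".rar", ".zip", ".7z", ".iso", ".img", ".ace", ".gz"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".ps1"}

# CONSTRUCTED message. HELO, IP, From, Reply-To, Subject and attachment name are
# the reported indicators; recipient, Date, Message-ID and body are filler. The
# base64 payload is just the 8-byte RAR 5 signature, not the real archive.
SAMPLE_MAIL = """\
Received: from truserv8.kwikwap.co.za ([197.242.68.122])
        by mx.example.invalid with ESMTP; Fri, 26 Jun 2020 07:40:00 +0000
From: Edward Horton <production@rolop.co.za>
Reply-To: hiring@sunsetcliffsinvest.com
To: victim@example.invalid
Subject: Purchase Order
Message-ID: <constructed@example.invalid>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please find attached our purchase order.
--b1
Content-Type: application/x-rar
Content-Disposition: attachment; filename="PO0620220.rar"
Content-Transfer-Encoding: base64

UmFyIRoHAQA=
--b1--
"""


def domain_of(header_value) -> str:
    """Lower-cased domain of the first address in a From/Reply-To header ('' if none)."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def ext_of(name: str) -> str:
    """Lower-cased final extension including the dot, or '' if there is none."""
    return ("." + name.rsplit(".", 1)[1].lower()) if "." in name else ""


def parse_received(received: str):
    """Extract (helo, ip) from a Received header.

    Handles the common 'from <helo> ([<ip>])' and 'from <helo> (<ip>)' shapes
    only; other MTA formats return (None, None). Simplifying assumption.
    """
    m = re.match(r"from\s+(\S+)\s+\(\[?(\d{1,3}(?:\.\d{1,3}){3})\]?", received.strip(), re.I)
    return (m.group(1).lower(), m.group(2)) if m else (None, None)


def same_org(d1: str, d2: str) -> bool:
    """Crude registrable-domain comparison: last two labels, or three when the
    second-level label is a ccSLD such as 'co' (so rolop.co.za != kwikwap.co.za).
    A public-suffix list would be the production choice; this is an assumption."""
    def reg(d):
        p = d.split(".")
        if len(p) >= 3 and p[-2] in {"co", "com", "org", "net", "ac", "gov"} and len(p[-1]) == 2:
            return ".".join(p[-3:])
        return ".".join(p[-2:])
    return bool(d1) and bool(d2) and reg(d1) == reg(d2)


def triage(raw: str, archive_members=None) -> list:
    """Return suspicious findings for one raw RFC 5322 message.

    archive_members maps an attachment filename to the member names an
    unpacker reported for it (hypothetical input, e.g. from 'unrar l').
    """
    msg = message_from_string(raw)
    findings = []

    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and not same_org(from_dom, reply_dom):
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")

    # Received headers are prepended at each hop, so the LAST one is the first
    # hop: the server that handed the message in, whose HELO/IP is worth recording.
    received = msg.get_all("Received") or []
    if received:
        helo, ip = parse_received(received[-1])
        if helo and not same_org(helo, from_dom):
            findings.append(f"HELO {helo} ({ip}) is unrelated to From domain {from_dom}")

    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        ext = ext_of(name)
        if ext in ARCHIVE_EXTS:
            findings.append(f"archive attachment {name}")
            if (part.get_payload(decode=True) or b"").startswith(b"Rar!"):
                findings.append(f"{name} payload carries a RAR signature")
            for member in (archive_members or {}).get(name, []):
                if ext_of(member) in EXEC_EXTS:
                    findings.append(f"{name} contains executable {member}")
        elif ext in EXEC_EXTS:
            findings.append(f"executable attachment {name}")
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_MAIL, {"PO0620220.rar": ["PO0620220.exe"]}):
        print("FINDING", f)
```

On the constructed message this yields five findings, one per indicator in the report plus the RAR signature check; the same rules applied to a corporate mail stream would need a public-suffix list and an allow-list for legitimate third-party senders, which the toy `same_org` deliberately does not attempt.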

Intelligence


File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-06-26 07:42:05 UTC
AV detection: 13 of 28 (46.43%)
Threat level: 5/5
Note that the vendor threat name above (AgentTesla) differs from the Formbook signature assigned to this entry; family labels for .NET (MSIL) stealers frequently disagree between engines, so the classification should be confirmed from the unpacked payload rather than from either label alone. Please note that a VirusTotal coverage score is no longer provided.

File information


The table below shows additional information about this malware sample, such as its delivery method and external references.

Delivery method: Distributed via e-mail attachment

Relations:
Malspam
  Formbook
    rar ea8ffb8bf7fd6362173685516a773c7bb3fc6d87f0f5b1038f86bf1c2413083e (this sample)
      Dropping: Formbook

Comments