MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f5724fd0f22c33f2e9e1158976c6db54b02ba90774ee26eb5e423d5a816bea3c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f5724fd0f22c33f2e9e1158976c6db54b02ba90774ee26eb5e423d5a816bea3c
SHA3-384 hash: 2e36efa519df9db017247456d665cf12335315a119578eb2e9fcaf4d100a8c1cda219db44d9ce5ddc763df1a68b85138
SHA1 hash: 094b980b64cf66da7a02e5e978cb773ea429013a
MD5 hash: 5ec3febf93b49ff95b8c96f65da8a468
humanhash: april-papa-illinois-five
File name:IMAGES-001-QUOTE REQUEST 21800176_354667485903_09_07_2020PDF.z
Download: download sample
Signature FormBook
Create hunting rule
File size:323'099 bytes
First seen:2020-07-10 07:00:35 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 6144:ccYGGquuBvMUEWtYoEzYleJkjup0kj/g2DOyh0eFlF1lbX7O78IPU+zx7:cet1MUSDzyCkjI0M/g2S7eXhbXK937
TLSH DE6423EA628C6364ED06356EEA74016908D4E1FDAADA13577BA5D728707304F330CEDE
Reporter abuse_ch
Tags:FormBook z


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: 3goz.com
Sending IP: 213.128.71.98
From: Leons M <osman@kablo.com>
Subject: RFQ for SS304L U-Tube bundle & OUR QUOTE NO. Q230
Attachment: IMAGES-001-QUOTE REQUEST 21800176_354667485903 _09_07_2020PDF.z (contains "IMAGES-001-QUOTE REQUEST #21800176_354667485903 _09_07_2020PDF.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f5724fd0f22c33f2e9e1158976c6db54b02ba90774ee26eb5e423d5a816bea3c/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-10 07:02:09 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=6vze7uhsfqz7f2pbcwexnrw3ksycxkihotxcn226ii6vvall5i6a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

z f5724fd0f22c33f2e9e1158976c6db54b02ba90774ee26eb5e423d5a816bea3c

(this sample)

FormBook

Executable exe 8ea404b56d3341cbcc42c2f9b99c6cf8aa457d94b5319e19bee72859be9b1c32

  
Dropping
MD5 c1b13db471da675d9887133f6de51d4d
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8ea404b56d3341cbcc42c2f9b99c6cf8aa457d94b5319e19bee72859be9b1c32

Comments