MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ffc76aa72e475f10d8d974cd771b953c666275b16812d5dc71330b85d2db31d8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: ffc76aa72e475f10d8d974cd771b953c666275b16812d5dc71330b85d2db31d8
SHA3-384 hash: 7f88e255ef1ec45c207a0050b33a8913d3403bd882c71a7f292e52bce9ee93cb18990a59f0b89d039cea62d602faaf52
SHA1 hash: 64d37fc9810ec4105af93e418c35cae64bad4af8
MD5 hash: c2bc803c01e7a8d68b5c68bf908a3482
humanhash: stairway-louisiana-princess-connecticut
File name: payment invoice.img
Signature: FormBook
File size: 358'400 bytes
First seen: 2020-07-06 14:51:20 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 6144:WoTpT3YMasXaMSjWAl58Yiij89rsHT4PxGyS9/kTqyLzQ5vAga:5TprYMIMSjn58YiiKsHigyS9cTqyzSYX
TLSH: 6A74F16A33855F36D97903B4A8B1C0340335BE114A65C398ADCC3CDF3B66B158A91FAB
Reporter: abuse_ch
Tags: FormBook, img


abuse_ch
Malspam distributing FormBook:

HELO: mail0.506.simonleehung.casa
Sending IP: 46.101.184.147
From: Shabeer M. T <shabeermt@lamco.ae>
Subject: Re: Payment Assistance Due To Covid-19 Pandemic
Attachment: payment invoice.img (contains "payment invoice.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 73
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-07-06 07:11:10 UTC
AV detection: 11 of 29 (37.93%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

img ffc76aa72e475f10d8d974cd771b953c666275b16812d5dc71330b85d2db31d8 (this sample)

  
Dropping: FormBook
Delivery method: Distributed via e-mail attachment
