MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0197e3326bf3d082b392eb9b58af07ab3be5c8c7c9e5742e7cfbe3824df89704. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook

Vendor detections: 3

SHA256 hash: 0197e3326bf3d082b392eb9b58af07ab3be5c8c7c9e5742e7cfbe3824df89704
SHA3-384 hash: cd6b775dfe908069b6ca69d2368982bc6ff74cff09425edc0375e734b1e6ae20af902eb3e84d47e9014a2a8381e8e66d
SHA1 hash: b4a5b352633c23730692aabc0277c3b221b940e0
MD5 hash: 2181e8e646cb86344545b3e8cd58ce3f
humanhash: mississippi-artist-oregon-saturn
File name: PO_7823_JUN15.zip
Signature: FormBook
File size: 282'718 bytes
First seen: 2020-06-16 05:33:12 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:Qtd7jY1Xg52gJRYbQdt4jFwNL9sKqtSiT/IUM:QrEe508s8L9sKOScAF
TLSH: 0E5423363A4C075CB365B96F92C2E6215652A8B385F7F97AE237B1CF239E106D11C306
Reporter: abuse_ch
Tags: FormBook zip


abuse_ch
Malspam distributing FormBook:

HELO: mail0.dinogretchimv.icu
Sending IP: 139.59.84.176
From: Irene <irene@dinogretchimv.icu>
Reply-To: eterecomo@eternalexposure.com.my
Subject: 回复:Invoice :Purchase Order
Attachment: PO_7823_JUN15.zip (contains "PO_7823_JUN15.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-06-16 05:35:06 UTC
AV detection: 19 of 48 (39.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: FormBook, zip 0197e3326bf3d082b392eb9b58af07ab3be5c8c7c9e5742e7cfbe3824df89704 (this sample)
Dropping: FormBook
Delivery method: Distributed via e-mail attachment
