MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0607aaa0d8df20ed7a0ff4095f4dafa5338302b95bc71042d690e67d95749a91. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: 0607aaa0d8df20ed7a0ff4095f4dafa5338302b95bc71042d690e67d95749a91
SHA3-384 hash: 9e89f69429632a3d833aa5753bf9fd5af8d46de30a93abdc318e9f7e87b758a058d63304c958abd8ea9fe9cf22684a30
SHA1 hash: dbb9fb7ecb0e98240efbf8d01264295e8a881ddf
MD5 hash: 17cc1731cf36b3bc37a29eac0fadbb93
humanhash: september-mockingbird-sierra-earth
File name: PO_1012000.rar
Signature: Formbook
File size: 518'225 bytes
First seen: 2020-10-12 09:46:40 UTC
Last seen: 2020-10-12 09:52:32 UTC
File type: rar
MIME type: application/x-rar
ssdeep: 12288:kUWn6xzjTruWWJmVXZISIG9hjqSHxOkT9wFK:KmeWzj6whjqSJwFK
TLSH: C5B4235709FBE946AAA394B40C38E1850C3D2CE77D14CF960D2675A068CE79CDA32FD6
Reporter: abuse_ch
Tags: FormBook Hostwinds rar


abuse_ch
Malspam distributing unidentified malware:

HELO: hwsrv-779728.hostwindsdns.com
Sending IP: 104.168.218.39
From: "hr-jcheung.pw" <hr@jcheung.pw>
Subject: URGENT PO_1012000007 NEW
Attachment: PO_1012000.rar (contains "PO_1012000.exe")

Intelligence


File Origin
# of uploads: 2
# of downloads: 107
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-10-12 09:48:11 UTC
AV detection: 15 of 29 (51.72%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar 0607aaa0d8df20ed7a0ff4095f4dafa5338302b95bc71042d690e67d95749a91 (this sample)

Delivery method: Distributed via e-mail attachment

Comments