MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0ff34aa3dd04a54b54ddda375aa29f3c7fe725404158c0c86fb96e544c709227. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 0ff34aa3dd04a54b54ddda375aa29f3c7fe725404158c0c86fb96e544c709227
SHA3-384 hash: 8bde4b43e0a2d478b7714a6eb3d7637a77077b58a3ab54c1c63767ea6b431ffda9c6c751f19035361489ac92be3a2b79
SHA1 hash: c95c59f3e9f540ae28c7d059a632cc237006207f
MD5 hash: aa82af71fb4da53c669ee4d2240171d0
humanhash: carpet-enemy-vermont-ink
File name: PO_3801.rar
Signature: FormBook
File size: 276'776 bytes
First seen: 2020-06-16 05:05:03 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:ICITc7W2wtCrzlzUm70B9UCEHZtygIqFUkqj7FMWYjVwVS6lWi:ICIrGlzH+Oj5Iq7q6juVSu
TLSH: 6B442333F51A6868BF315A5BCB232DC9377024A46B61C3DF94ECE8D01871827ED79629
Reporter: abuse_ch
Tags: FormBook, rar


abuse_ch
Malspam distributing FormBook:

HELO: yuntong-batt.co
Sending IP: 111.90.141.203
From: Kabri Hilgers <Kabri.Hilgers@yuntong-batt.co>
Subject: RE: RE: INCREASED ORDER
Attachment: PO_3801.rar (contains "PO_3801.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-06-16 05:06:09 UTC
AV detection: 17 of 30 (56.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 0ff34aa3dd04a54b54ddda375aa29f3c7fe725404158c0c86fb96e544c709227 (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
