MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1430ca0a818541c464fc1df05702ef90bfab5e74005ba9cc78ca82730efe0236. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1430ca0a818541c464fc1df05702ef90bfab5e74005ba9cc78ca82730efe0236
SHA3-384 hash: c789c069cf114fe2cd1a6572927e7388e860cc2d90f04534228a2b0525999edb6ec888651568a43dbc052441f75472c7
SHA1 hash: d69add916f04421212d417c5fe143fec0d2cd321
MD5 hash: 0195ed72c6105a05d78d72f6a8e3c779
humanhash: ink-hotel-ack-may
File name:Request for Quotation.7z
Download: download sample
Signature Formbook
Create hunting rule
File size:424'205 bytes
First seen:2021-02-26 06:52:33 UTC
Last seen:Never
File type: 7z
MIME type:application/x-7z-compressed
ssdeep 12288:As+CP5a3knGPu2sFaqHPr3jBoedCbTsYB:ApCxa3knGPYF5HPrTBjduTsYB
TLSH 1C9423EBEAAC5081B21FDF7519ACC42B18A4F95429AE19F671D6287DCC19CB4F04C7E0
Reporter abuse_ch
Tags:7z


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: slot0.haknaz.co
Sending IP: 185.142.24.164
From: "Osama El-Ghali" <postmaster@haknaz.co>
Subject: RE: Request For Quotation
Attachment: Request for Quotation.7z (contains "Request for Quotation.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
117
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.CAP_HookExKeylogger.17434.15614.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1430ca0a818541c464fc1df05702ef90bfab5e74005ba9cc78ca82730efe0236/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-02-26 06:53:18 UTC
File Type:
Binary (Archive)
Extracted files:
9
AV detection:
15 of 22 (68.18%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=cqymucubqva4izh4dxyfoaxpsc72wxtuabn2ttdyzkbhgdx6ai3a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

7z 1430ca0a818541c464fc1df05702ef90bfab5e74005ba9cc78ca82730efe0236

(this sample)

Formbook

Executable exe 1df6109d033a42d97b34133e69afc0da679586b85b6614b034ebfd9343062d20

  
Dropping
MD5 1d9fd84bc6eaa80b160bd313750f6ff5
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1df6109d033a42d97b34133e69afc0da679586b85b6614b034ebfd9343062d20

Comments