MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1783cab38631bf2258e78dedfb3669c9a6cd4fff79b57fe50ce47f3f788f6390. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 1783cab38631bf2258e78dedfb3669c9a6cd4fff79b57fe50ce47f3f788f6390
SHA3-384 hash: 3da0c4676ac03b983eeec348315b10882091dc742dc5cfaa23304903113f5cc5b5487c791973693638c17d4fd48228b4
SHA1 hash: 1f5ecaecadd6a8cf327fd6ee6b9ae7e0855ef366
MD5 hash: 3dca0bef1adefc95c7785bf1a31785fe
humanhash: sink-potato-mississippi-paris
File name: Payment Slip.pdf.zip
Signature: FormBook
File size: 237'749 bytes
First seen: 2020-07-02 12:31:15 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:j7/5pgOT8yGxriYa5InYqeEVeaQSThW2ZxmSHMV:j7hpgOotS3hEMtShWYxDsV
TLSH: 6C342325D8DB47BAEC99F22353D6138AF5B8815E11C49E7ECA12FA2CB3B1400C79F195
Reporter: abuse_ch
Tags: FormBook zip


abuse_ch
Malspam distributing FormBook:

HELO: server.eplusglobal.com
Sending IP: 111.90.140.189
From: Kim Low <kim.low@tuplex.com>
Subject: PAYMENT SLIP
Attachment: Payment Slip.pdf.zip (contains "Payment Slip.pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 79
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-07-02 12:33:04 UTC
AV detection: 23 of 29 (79.31%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 1783cab38631bf2258e78dedfb3669c9a6cd4fff79b57fe50ce47f3f788f6390 (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
