MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1c88c1c408acb9f504bbf2556fdd5a48b96d0ce2526a8f803a4f9ee08cdec6e1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1c88c1c408acb9f504bbf2556fdd5a48b96d0ce2526a8f803a4f9ee08cdec6e1
SHA3-384 hash: a45a47755ab2beee72da3c52d7efb27f6861e553c65f57857d873b511a6e9f1ac0670109213d2c9e931387ca9f60540c
SHA1 hash: e48be2a55a3e1fa139f6daee3dc3ecfcd096aec3
MD5 hash: 21112c7e1e1491e1a361ab9ea0f24b5c
humanhash: lima-red-august-low
File name:Quotation.img
Download: download sample
Signature Formbook
Create hunting rule
File size:1'310'720 bytes
First seen:2020-11-05 09:35:48 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:qYVBZJm/bT4gpQHdAqkbmrKuQrFkiVais5DFPv082u2QwQW8/1vtrZH+SZ6m:bUPTQHCqkbmrKReVieFPMNzQW8/fBY
TLSH 4855F19267D8FB98D57E3B315B7156680B77FD91283DC64F286CF44D0AB2A08CE10BA1
Reporter abuse_ch
Tags:FormBook img


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: bjcs01.serverproof.net
Sending IP: 180.76.192.144
From: account-sh@fhtextile.com
Subject: Re: inquiry
Attachment: Quotation.img (contains "Quotation.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.35082103.30516.6367.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1c88c1c408acb9f504bbf2556fdd5a48b96d0ce2526a8f803a4f9ee08cdec6e1/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-11-05 03:27:05 UTC
AV detection:
15 of 48 (31.25%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=dsemdraivs47kbf36jkw7xk2jc4w2dhckjvi7ab2j6pobdg6y3qq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

img 1c88c1c408acb9f504bbf2556fdd5a48b96d0ce2526a8f803a4f9ee08cdec6e1

(this sample)

Formbook

Executable exe a9a6a44f3eca95cc7785debebea767461798f27978628c58a06474005b8855c8

  
Dropping
MD5 0a349adaa372da48f43ef9e64330645b
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a9a6a44f3eca95cc7785debebea767461798f27978628c58a06474005b8855c8

Comments