MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1ecd71d02ab11060111ed4dc678704f5633c5a8cad23176dd9ca802942c0aa48. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 1ecd71d02ab11060111ed4dc678704f5633c5a8cad23176dd9ca802942c0aa48
SHA3-384 hash: 8a3d925a674f1bb76521348aa855e6dfb3bf41ebaa327aaf344cd2ca5bde3181846ab297f21346beef4238f4a4d975b9
SHA1 hash: 8baf4ac014854e8ff87ae5e29df3fca682323dfb
MD5 hash: 5c08907166ca19747f7925d410bfe9bf
humanhash: network-black-louisiana-ten
File name: purchase list.zip
Signature: FormBook
File size: 311'083 bytes
First seen: 2020-07-10 07:34:19 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:XuVXEIPicJIiMPCmahIIM6GL2fuO8tgipJE8/ta9OmV1vQQnngpJ6:XI6cJpMBapM6faBHav/lng6
TLSH: 8A642349DDADEF528BC83270B7CEA52155316BF02BD79090D6D27B8A35B58B18F0EE04
Reporter: abuse_ch
Tags: FormBook, zip


abuse_ch
Malspam distributing FormBook:

HELO: gmail.com
Sending IP: 37.49.224.106
From: Bhavya ResourcesLTD<bhavyacontainers@gmail.com>
Reply-To: bhavyacoresourcesltd@gmail.com
Subject: /PMV/Order Reuqest: 4075 AL DEEB CONTRACT Supply of item
Attachment: purchase list.zip (contains "purchase list.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 73
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-07-10 07:36:06 UTC
AV detection: 21 of 29 (72.41%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 1ecd71d02ab11060111ed4dc678704f5633c5a8cad23176dd9ca802942c0aa48 (this sample)

  
Dropping: FormBook
Delivery method: Distributed via e-mail attachment
