MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 24db502d550569e92e0d4639071027fd8d85d42af5f5e7f76cbd4d95773c9b32. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 4



SHA256 hash: 24db502d550569e92e0d4639071027fd8d85d42af5f5e7f76cbd4d95773c9b32
SHA3-384 hash: 2357233e7ca8e94908173c1255eaccdcc1b426ac8b12b153bbc374a3cb5b2ae87129bdbb143125035a023ed2a4dd283c
SHA1 hash: 5dab846ad0248e83d8b35f6bd771d6543d35b793
MD5 hash: 84a51e4b60f5a224c11ef36019c37218
humanhash: gee-monkey-undress-venus
File name: Quote.cab
Signature: Formbook
File size: 586'142 bytes
First seen: 2020-12-29 07:59:22 UTC
Last seen: Never
File type: cab
MIME type: application/vnd.ms-cab-compressed
ssdeep: 12288:5hiXT7EwCv/wSLSW7jZ1JswDqm0rPxC6nd3cuBb3cK12itUWg:TijxCvXLF35s+qLxMsXrg
TLSH: E5C423C21406ACF3DCE50CBF98B5EF75C1A1ACB7CE441C1F4A17A9A7B0495A26FA610D
Reporter: abuse_ch
Tags: cab FormBook


abuse_ch
Malspam distributing Formbook:

HELO: mail-smail-vm46.hanmail.net
Sending IP: 203.133.180.234
From: 구미이엔지 <kumieng@hanmail.net>
Subject: 견적 문의의 건
Attachment: Quote.cab (contains "Quote.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 184
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-12-29 08:00:08 UTC
AV detection: 11 of 48 (22.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

cab 24db502d550569e92e0d4639071027fd8d85d42af5f5e7f76cbd4d95773c9b32

(this sample)

  
Dropping: Formbook
Delivery method: Distributed via e-mail attachment
