MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 259360224628e34273052e9354aedae7a6633b8ab10ff29386a4849e181a859e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 259360224628e34273052e9354aedae7a6633b8ab10ff29386a4849e181a859e
SHA3-384 hash: 45a7f5c69b076647a6a0496233499079005f4f6364f78fbbdeeb3be09515b92c710964a68720f4b1504643dbbb496a7b
SHA1 hash: adf3daec03fe1b3df88092499f1b8ff1eb1b4fa6
MD5 hash: ed4718d0ef2b0bd80ccff4928814b5ae
humanhash: eight-aspen-papa-carolina
File name:ST10501909262401.pdf.zip
Download: download sample
Signature Formbook
Create hunting rule
File size:446'854 bytes
First seen:2020-10-19 18:14:00 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:q9MRrn3a878ffkIZSiH8oy3JRl7GfwYTBv0nj92ETOtl9Jp:qcAnVryPl7GfwYTB8kVJp
TLSH DD9423167E989F84902E9AEF101815F9EBF335AB6FCC7C4184C09AFB55060A7AD934F1
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: smtp99.iad3a.emailsrvr.com
Sending IP: 173.203.187.99
From: Husaein Ebshy <hussein.hassan@cbq.qa>
Subject: Confirming - Notice of payment
Attachment: ST10501909262401.pdf.zip (contains "ST10501909262401.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.424.17594.8372.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/259360224628e34273052e9354aedae7a6633b8ab10ff29386a4849e181a859e/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-10-19 13:59:22 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ewjwaisgfdrue4yff2jvjlw246tggo4kweh7fe4guscj4ga2qwpa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.55
Link:
https://yomi.yoroi.company/submissions/259360224628e34273052e9354aedae7a6633b8ab10ff29386a4849e181a859e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 259360224628e34273052e9354aedae7a6633b8ab10ff29386a4849e181a859e

(this sample)

Formbook

Executable exe c1a6e1cdb47df8fdaea4c501aeef551c5608735a82078d2b32229570cb1c44af

  
Dropping
MD5 c9f7d4a9726cf40c049a1955c5169dc2
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c1a6e1cdb47df8fdaea4c501aeef551c5608735a82078d2b32229570cb1c44af

Comments