MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 26991259e901ac65cebe23efc45f095b11595c8a10c160f04b949421d6e4e217. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 4



SHA256 hash: 26991259e901ac65cebe23efc45f095b11595c8a10c160f04b949421d6e4e217
SHA3-384 hash: 44f2dbb9237c0f7ab784436d589904fd421cea7a81d84dea7e4a9b8b57c3eff36a898f0ad8d604c6644319f0f32b87d5
SHA1 hash: 68d902726b7c49d44f614686d14f319297e9bf6b
MD5 hash: b1486bac2232052cd2e5ef26b7107d99
humanhash: stream-lake-three-pasta
File name: quotes request.zip
Signature: Formbook
File size: 624'667 bytes
First seen: 2020-10-20 15:00:54 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:lXzbdTz5nYpxdDzk/oSVw3QZ1TeLEaBCNRfW/a6SI2BIv8ugDQdphE:lDBTz8xNk/oSVHuzB8xoa6SICugDKpG
TLSH: 42D4332DDADE190C12A5A2B07C58F9E71141A0F3AA81F536D6E09653EBA7D2C0F507F3
Reporter: abuse_ch
Tags: FormBook zip


abuse_ch
Malspam distributing Formbook:

HELO: server.blakecorporations.com
Sending IP: 199.250.204.180
From: M Hanif Azis (malaysia) <Azis.hanif@petronas.com.my>
Reply-To: M Hanif Azis (malaysia) <purchase2@workmail.com>
Subject: quotes request
Attachment: quotes request.zip (contains "quotes request.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2020-10-20 11:50:01 UTC
AV detection: 5 of 47 (10.64%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 26991259e901ac65cebe23efc45f095b11595c8a10c160f04b949421d6e4e217

(this sample)

Dropping: Formbook
Delivery method: Distributed via e-mail attachment
