MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 31090536682c2c2e98aff3713c717837efd1cd73569f566a57b95a037866bad7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	31090536682c2c2e98aff3713c717837efd1cd73569f566a57b95a037866bad7
SHA3-384 hash:	6ed6a3f0bd7fb3897196b618b99679e52a3ac7ca58f68b7fcdef30d38de9822ba1e66301121044d6745d74bb2f8abd33
SHA1 hash:	6ff1e1ad75eb53fcd0107d37623a16ef3a25b406
MD5 hash:	e15f8463357265bb96735a50eeae584f
humanhash:	fourteen-quiet-lake-shade
File name:	Purchase Order.zip
Download:	download sample
Signature	Formbook Create hunting rule
File size:	464'416 bytes
First seen:	2021-03-01 07:53:03 UTC
Last seen:	2021-03-10 03:42:26 UTC
File type:	zip
MIME type:	application/zip
ssdeep	12288:xZYWr/JreWOePpmwDs+cPCD+smX9SJte/:x/e5ImIs+cPjNU8
TLSH	61A4237F28D5A3E2B9EE99441D31A7670FA7A2B2F2CBB50174C6B1E302DE15B680C414
Reporter	GovCERT_CH
Tags:	FormBook

Intelligence

File Origin

# of uploads :

13

# of downloads :

110

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Foxhole.Zip_fs231.UNOFFICIAL

Sanesecurity.Malware.20845.ZipHeur.UNOFFICIAL

Sanesecurity.Malware.22205.ZipHeur.UNOFFICIAL

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/31090536682c2c2e98aff3713c717837efd1cd73569f566a57b95a037866bad7/

Threat name:

Win32.Trojan.AgentTesla

Status:

Malicious

First seen:

2021-03-01 06:12:19 UTC

AV detection:

18 of 48 (37.50%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=geeqkntifqwc5gfp6nyty4lyg7x5dtltk2pvm2sxxfnag6dgxllq._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.35

Link:

https://yomi.yoroi.company/submissions/31090536682c2c2e98aff3713c717837efd1cd73569f566a57b95a037866bad7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 31090536682c2c2e98aff3713c717837efd1cd73569f566a57b95a037866bad7

(this sample)

exe c6ac2829b2373ca2a1eef82c5fa6f8bc6dbf304ef77aaed0a9f9e2f27db9993b

Dropped by

Formbook

Delivery method

Distributed via e-mail attachment

Dropping

SHA256 c6ac2829b2373ca2a1eef82c5fa6f8bc6dbf304ef77aaed0a9f9e2f27db9993b

Dropping

MD5 f785ccb5160fd6d5fc1f25c826e19853

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample