MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 37a01627238048b6a0026a3a7670cd73d6aea6f95ae20134dd7f4391c0914d55. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 37a01627238048b6a0026a3a7670cd73d6aea6f95ae20134dd7f4391c0914d55
SHA3-384 hash: 1c6bbee32a38cf7424e642444edaf572df42d07945a0413d560ab0fb5599bffdd82aa6857fb86318c9816c36d4e53c54
SHA1 hash: a00be8fc1a6514ee8c5ac5f530570555ec9af801
MD5 hash: 03289619bb1fd2b7f65eee58e37d025a
humanhash: xray-florida-oxygen-echo
File name:SOA.rar
Download: download sample
Signature Formbook
Create hunting rule
File size:662'294 bytes
First seen:2020-10-21 09:57:30 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:I90D+Dk3XeRKYhI3KHMjxwzw7N6hPmq9NIpU7Z8nq65z/FsuYeCLYSjENTLEfCdv:IW+oXeRdOKHMNhQPmsNIpU9GHz/6uYeT
TLSH B1E4234CC6D63AB98E63C25A60D7BC240D9BC34441374C1D3E9571AE9416E1A0FAFAFB
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: alzaeembh.com
Sending IP: 103.125.191.170
From: Mustafa Mohammed<Mustafa@alzaeembh.com>
Subject: RE: Revised statement of account
Attachment: SOA.rar (contains "SOA.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/37a01627238048b6a0026a3a7670cd73d6aea6f95ae20134dd7f4391c0914d55/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-10-21 01:45:26 UTC
AV detection:
21 of 48 (43.75%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=g6qbmjzdqbelniacni5hm4gnoplk5jxzllracng5p5bzdqerjvkq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar 37a01627238048b6a0026a3a7670cd73d6aea6f95ae20134dd7f4391c0914d55

(this sample)

Formbook

Executable exe 115e12fb613c8200563e60ee8acd822733772ebac21e27f203a7342043442d8a

  
Dropping
MD5 7b0214cf12af55b7560d3f1403a46bf1
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 115e12fb613c8200563e60ee8acd822733772ebac21e27f203a7342043442d8a

Comments