MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3e2b1735fb64a691cd058356595f5cef0635a12441c77ab42edbb6832f770be2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 3


SHA256 hash: 3e2b1735fb64a691cd058356595f5cef0635a12441c77ab42edbb6832f770be2
SHA3-384 hash: 3e503bd65bc2b81906b4694c894c1b0911f3582e506de08b3660181ce737bdc9e95ee7c96bce23673e604ba49d020e41
SHA1 hash: f3557b65ef44a9ecf12e81dfe0b309c7bb85c5fd
MD5 hash: 9d8162b1af94c8cd421d34dfd990be43
humanhash: november-oscar-zebra-kilo
File name: WoolWorths Exclusive Gift Voucher.pdf.gz
Signature: Formbook
File size: 615'635 bytes
First seen: 2020-10-23 06:56:03 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 12288:B8HsnAIayt80CjOXh5UWKGu5Mufz76Rhu64rWuCW7R:B8HXIH8pKYWK5z7IuBv
TLSH: 84D4231F82651EA94781075B116459E5DE27B32FA3E0D39F200F81F6E124A479E8BEF3
Reporter: abuse_ch
Tags: FormBook gz


abuse_ch
Malspam distributing Formbook:

HELO: saxamarketing.com
Sending IP: 199.217.115.34
From: noreply@woolworths.co.za
Subject: You have received a WoolWorths Exclusive Gift Voucher !!!
Attachment: WoolWorths Exclusive Gift Voucher.pdf.gz (contains "WoolWorths Exclusive Gift Voucher.pdf.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 89
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2020-10-23 04:56:50 UTC
AV detection: 19 of 29 (65.52%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information
The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: Formbook

gz 3e2b1735fb64a691cd058356595f5cef0635a12441c77ab42edbb6832f770be2 (this sample)
  Dropping: Formbook

Delivery method: Distributed via e-mail attachment

Comments