MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 44f37e5635bafb5b1ef855fbf71e9eb0d4ff713745227ed35e3aef03d57b94c3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 44f37e5635bafb5b1ef855fbf71e9eb0d4ff713745227ed35e3aef03d57b94c3
SHA3-384 hash: 8efff6e1e1b9bf50435860764887302c8e13e3bb99c09c9a0770dd4da3beebd33591effbadc4c608ce9c2522c3a28a73
SHA1 hash: 265bf0ff3cea0554b5792030fe0577157e9f8bcc
MD5 hash: 8c7b8a8103b12c095296e44c16834791
humanhash: pizza-mobile-oregon-kilo
File name:New Purchase Order.zip
Download: download sample
Signature FormBook
Create hunting rule
File size:270'611 bytes
First seen:2020-05-19 05:52:45 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:mvTaKPn8aVpePCRDQst9OD474zrkmy8/WxgD99:zKv8aje0QMOO8yBxgD99
TLSH 484423246921BBAF2A442A368DA7E1BF7BBB05F7B40E2E1F9141D65D7094D0F0E0E05C
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: WIN-4JVOGHKI1Z0
Sending IP: 103.133.110.105
From: Roman Cheremisin <admin@beoxies.ml>
Reply-To: mm1045725@gmail.com
Subject: RE New Purchase Order
Attachment: New Purchase Order.zip (contains "New Purchase Order.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-05-20 04:03:32 UTC
File Type:
Binary (Archive)
Extracted files:
11
AV detection:
26 of 48 (54.17%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=itzx4vrvxl5vwhxykx57ohu6wdkp64jxiurh5u26hlxqhvl3stbq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 44f37e5635bafb5b1ef855fbf71e9eb0d4ff713745227ed35e3aef03d57b94c3

(this sample)

FormBook

Executable exe 1158faac2f05071553e63e40809ecdd0450934aa8e372728dcabf9cedbbb5ffa

  
Dropping
MD5 96a30558f4469401234772997919adc0
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1158faac2f05071553e63e40809ecdd0450934aa8e372728dcabf9cedbbb5ffa

Comments