MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4a525cfb1981ce8d12a3ec61efd86016f4ae1f3dc089b18391a5e8af393e684d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 5



SHA256 hash: 4a525cfb1981ce8d12a3ec61efd86016f4ae1f3dc089b18391a5e8af393e684d
SHA3-384 hash: 1c77944f7c6ed6c9d962aec9757c6a4242bf72fa227c62d1878b18ba34e4fbd15fa3e2d9bc4400b3cb3a337c7c7297dd
SHA1 hash: 1677666318a29864c85566a901054c893be719e6
MD5 hash: 2699565544023bc922f2683ed9ef1207
humanhash: indigo-louisiana-alaska-fruit
File name: DK Purchase Order 2021 - 00041.zip
Signature: Formbook
File size: 409'626 bytes
First seen: 2021-03-29 05:43:49 UTC
Last seen: 2021-03-29 06:03:12 UTC
File type: zip
MIME type: application/zip
ssdeep: 6144:rBKdWFak21TS0FFZvwowbrqLC4wGAoyhKJRImZ/rn8fWneWKI3t4WEwoOnCXppIK:179av1woOrqaAamZjn8fAeGdvmO6IK
TLSH: 7E94233D1BA4E6EDB67138BBC1BD110E7CBC9574818D7791F632A549161A7ECB82C302
Reporter: cocaman
Tags: FormBook zip


cocaman
Malicious email (T1566.001)
From: ""Belinda S. Violan" <bsviola@metroaceplastic.com>" (likely spoofed)
Received: "from metroaceplastic.com (unknown [217.146.88.165]) "
Date: "29 Mar 2021 07:58:52 +0200"
Subject: "" lgpartner.ch " New order PO-15547 "
Attachment: "DK Purchase Order 2021 - 00041.zip"

Intelligence


File Origin
# of uploads: 2
# of downloads: 101
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: MALICIOUS
Details:
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2021-03-29 05:44:07 UTC
File Type: Binary (Archive)
Extracted files: 15
AV detection: 10 of 48 (20.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 4a525cfb1981ce8d12a3ec61efd86016f4ae1f3dc089b18391a5e8af393e684d (this sample)

Delivery method: Distributed via e-mail attachment
Dropping: Formbook
