MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 5764af9a64689bae49a6016e1fe37b1503a568a190b1db3c117e99897e7a1e36. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Formbook
Vendor detections: 3
| SHA256 hash: | 5764af9a64689bae49a6016e1fe37b1503a568a190b1db3c117e99897e7a1e36 |
|---|---|
| SHA3-384 hash: | 7ab4b6fd43f34dc27155842cbdeae1bf811e36f5133e9fe84080c617fb7f5ef3deb6cef8487dc29cf9c43ffcc253c601 |
| SHA1 hash: | 71932798ecd79ebe91e48636da08bc23a97cbc83 |
| MD5 hash: | 762c76f5baa8504fce537e584f972e39 |
| humanhash: | enemy-batman-oven-georgia |
| File name: | Editing Remittance copy.xls.tar |
| Signature | Formbook |
| File size: | 454'993 bytes |
| First seen: | 2020-10-16 13:38:24 UTC |
| Last seen: | Never |
| File type: | tar |
| MIME type: | application/x-rar |
| ssdeep | 6144:Dt4nRcro3kPaUXC9qIDCsejAZUqV1nZfvGhNsh0eklBeM5y0YRMDQ1E3M3Ro0z4X:Dt4KPaUS9+bUZ915vTvkP6EY74Zl |
| TLSH | 86A42346AD0DA02A060CD4BCEDA55864147CDC12F9DF5B3BC4BE12FA8AF23AFB9D4514 |
| Reporter | |
| Tags: | FormBook tar |
abuse_ch
Malspam distributing unidentified malware:
HELO: cbq.qa
Sending IP: 103.138.109.101
From: IMELDA <imelda.laurente@cbq.qa>
Subject: Payment Advice - {Editing Remittance form}
Attachment: Editing Remittance copy.xls.tar (contains "Editing Remittance copy.exe")
Intelligence
File Origin
# of uploads: 1
# of downloads: 83
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-10-16 12:08:38 UTC
AV detection: 23 of 29 (79.31%)
Threat level: 5/5
Detection(s): Suspicious file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name: Legit
Score: 0.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Delivery method
Distributed via e-mail attachment