MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5764af9a64689bae49a6016e1fe37b1503a568a190b1db3c117e99897e7a1e36. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5764af9a64689bae49a6016e1fe37b1503a568a190b1db3c117e99897e7a1e36
SHA3-384 hash: 7ab4b6fd43f34dc27155842cbdeae1bf811e36f5133e9fe84080c617fb7f5ef3deb6cef8487dc29cf9c43ffcc253c601
SHA1 hash: 71932798ecd79ebe91e48636da08bc23a97cbc83
MD5 hash: 762c76f5baa8504fce537e584f972e39
humanhash: enemy-batman-oven-georgia
File name:Editing Remittance copy.xls.tar
Download: download sample
Signature Formbook
Create hunting rule
File size:454'993 bytes
First seen:2020-10-16 13:38:24 UTC
Last seen:Never
File type: tar
MIME type:application/x-rar
ssdeep 6144:Dt4nRcro3kPaUXC9qIDCsejAZUqV1nZfvGhNsh0eklBeM5y0YRMDQ1E3M3Ro0z4X:Dt4KPaUS9+bUZ915vTvkP6EY74Zl
TLSH 86A42346AD0DA02A060CD4BCEDA55864147CDC12F9DF5B3BC4BE12FA8AF23AFB9D4514
Reporter abuse_ch
Tags:FormBook tar


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: cbq.qa
Sending IP: 103.138.109.101
From: IMELDA <imelda.laurente@cbq.qa>
Subject: Payment Advice - {Editing Remittance form}
Attachment: Editing Remittance copy.xls.tar (contains "Editing Remittance copy.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5764af9a64689bae49a6016e1fe37b1503a568a190b1db3c117e99897e7a1e36/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-10-16 12:08:38 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=k5sk7gtencn24sngafxb7y33cub2k2fbscy5wparp2mys7t2dy3a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/5764af9a64689bae49a6016e1fe37b1503a568a190b1db3c117e99897e7a1e36

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

tar 5764af9a64689bae49a6016e1fe37b1503a568a190b1db3c117e99897e7a1e36

(this sample)

Formbook

Executable exe 77e828d113038623ccfca7e111b60675fd36ea404545f8ce828d7f8505244f0d

  
Dropping
MD5 fe348898b6d84d43a80dfbc48d94c63d
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 77e828d113038623ccfca7e111b60675fd36ea404545f8ce828d7f8505244f0d

Comments