MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5986c97bc725fe0811085090b62e0288fd6cf6b16e25b3f1c91bbc3f9bafd21e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5986c97bc725fe0811085090b62e0288fd6cf6b16e25b3f1c91bbc3f9bafd21e
SHA3-384 hash: fe3346aa72f730a0ff118e50c0ff4bc3612ab3da94440c7ec7fde29d6029bfc599a80bf84bc98dca3dd439887cde3337
SHA1 hash: 8986b49cd1c343ed3d4887dff6b7f5a947258f07
MD5 hash: 3400e9da6b74a2147e3844edf739d19b
humanhash: lima-snake-three-oven
File name:Tax Invoice.z
Download: download sample
Signature Formbook
Create hunting rule
File size:1'132'544 bytes
First seen:2021-03-03 07:48:54 UTC
Last seen:Never
File type: z
MIME type:application/x-iso9660-image
ssdeep 24576:WDE4wmI+09uCFZgptBd5zWw2XFfNzEWLnKRWu3/bz:Wyu46Bd5zWwkF1FLKRtH
TLSH 5235ADD816A87CD4F0B1DF3079F82592A2FAB573D60DE549346AD2F9721A891CB70338
Reporter abuse_ch
Tags:z


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: [139.59.1.152]
Sending IP: 139.59.1.152
From: sangyoung.ka@samsung.com
Subject: Tax Invoice
Attachment: Tax Invoice.z (contains "Tax Invoice.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
128
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.17498.6356.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5986c97bc725fe0811085090b62e0288fd6cf6b16e25b3f1c91bbc3f9bafd21e/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-03-03 07:49:11 UTC
AV detection:
10 of 47 (21.28%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lgdms66hex7aqeiikcilmlqcrd6wz5vrnys3h4ojdo6d7g5p2ipa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/5986c97bc725fe0811085090b62e0288fd6cf6b16e25b3f1c91bbc3f9bafd21e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

z 5986c97bc725fe0811085090b62e0288fd6cf6b16e25b3f1c91bbc3f9bafd21e

(this sample)

Formbook

Executable exe 98820c48f104e5644529c8e9b012e7c2de6aca35aca322b342ccd23aefdedc96

  
Dropping
MD5 59915e5d986c0cb37b96c8e2201a7840
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 98820c48f104e5644529c8e9b012e7c2de6aca35aca322b342ccd23aefdedc96

Comments