MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 63acd49123871327ae82449d449a00c06460be02e7d3b04e3edd924ca537b6f2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 4



SHA256 hash: 63acd49123871327ae82449d449a00c06460be02e7d3b04e3edd924ca537b6f2
SHA3-384 hash: 240ad7ea87983bfcda50182455118f0a66c26f62df20a2b9743d5d634f66a248a8d40044fc3f0662b4d87586eefe8d72
SHA1 hash: 100468c0aa848be93d99684ad4d65629dc7ec930
MD5 hash: b4dde72db0ee8f2f40a604ccd01cec5d
humanhash: bravo-venus-king-venus
File name: doc91385679454438565.pdf.rar
Signature: Formbook
File size: 637'283 bytes
First seen: 2021-04-06 08:14:20 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:sfmaTNoMjDhZx1k+Khk11MGyhScLyO2GRfiY:sf3p/Zx1pKhkGDLyuRfiY
TLSH: 0ED423D4246453CC6A15BDEEC9A210C2D617ECC0EE3A5EF9F3944E281EC8769ADF3584
Reporter: abuse_ch
Tags: rar


abuse_ch
Malspam distributing unidentified malware:

HELO: iwhost8.axxesslocal.co.za
Sending IP: 197.242.150.169
From: Jun <jun@astrauniforms.com>
Subject: RFQ # 1014/397-18/NA
Attachment: doc91385679454438565.pdf.rar (contains "doc91385679454438565.pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 119
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2021-04-06 08:15:10 UTC
AV detection: 14 of 48 (29.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar 63acd49123871327ae82449d449a00c06460be02e7d3b04e3edd924ca537b6f2 (this sample)

Delivery method: Distributed via e-mail attachment

Comments