MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6dea046891280f2289eceda5727acbb53a3077b0eac96c10e5f95c80d2569df1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: 6dea046891280f2289eceda5727acbb53a3077b0eac96c10e5f95c80d2569df1
SHA3-384 hash: 1d70128310cd65671228c355da3f730c14bea0c5a46acf487d9b7d1dd32211c3bd1623e45675e9f07be54d83b0ef9372
SHA1 hash: 5d820c751562b87f7c651b76eadf061dd13e65a2
MD5 hash: 861e13f408664e219bf1fab6bad7ccd2
humanhash: magazine-hawaii-montana-cola
File name: Swift01141.Scan.pdf.rar
Signature: Formbook
File size: 643'136 bytes
First seen: 2020-10-09 06:09:26 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:2TysoeszgBOqc3N/tUARFM3kYElY+FZR5JwiAFjEWL:2+aMzlUAR3vDR5Jwii4WL
TLSH: 83D4236AD13857FA475BD58C796090C2A7938101AE30D30C4E7A09DEBDE3235B5AE8DE
Reporter: abuse_ch
Tags: FormBook rar


abuse_ch
Malspam distributing unidentified malware:

HELO: tonyhai
Sending IP: 117.121.213.248
From: Moscosso Roberto <euroistru@gmail.com>
Subject: RE:RE:RE:Swift
Attachment: Swift01141.Scan.pdf.rar (contains "Swift01141.Scan.pdf..exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 86
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-10-09 00:46:38 UTC
AV detection: 20 of 48 (41.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar 6dea046891280f2289eceda5727acbb53a3077b0eac96c10e5f95c80d2569df1 (this sample)

  
Delivery method: Distributed via e-mail attachment
