MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 730fd544eac15f337f3d2acfd6473f2ab1d8037da100855ca93cdc88f9edf681. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 730fd544eac15f337f3d2acfd6473f2ab1d8037da100855ca93cdc88f9edf681
SHA3-384 hash: ff9aab46fb1115edfbaa8237255d347d845f1b196235a700c43a8cb2436a969b2f0667b7ccd0e8ce12cbe346a2ffe5de
SHA1 hash: 232e19d73cf4b6313ece94f6c66d15bbe328d16d
MD5 hash: 38dda800ed7fda9858cdba1b250bfe22
humanhash: oxygen-cat-kansas-ohio
File name:Image 200319USD48742,55.pdf.exe
Download: download sample
Signature FormBook
Create hunting rule
File size:325'120 bytes
First seen:2020-03-31 19:23:47 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:fRwxU6gprJW4NpWMgDfepc+6vDTTwSx/3yVXL6IzgoYu5MvkTXm:7p9WkaDf5vDTULVctoLm
Threatray 4'934 similar samples on MalwareBazaar
TLSH 1C648D3521EF1156D776EBF30BD8BC7E97A9B233120AF53934C117C68626A0299C2376
Reporter abuse_ch
Tags:exe FormBook


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: dvelectronics.com
Sending IP: 45.143.222.160
From: Fabio Hoffmann <f.hoffmann@dvelectronics.com>
Subject: RE:RE:RE:BALANCE PAYMENT
Attachment: Image 200319USD48742,55.pdf.r00 (contains "Image 200319USD48742,55.pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.Generic-S.6984.12480.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-03-31 19:35:29 UTC
File Type:
PE (.Net Exe)
Extracted files:
7
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=omh5krhkyfptg7z5flh5mrz7fky5qa35ueaikxfjhtoir6pn62aq._file
Verdict:
malicious
Similar samples:
2ea5a4fb25528051254f255dc64913ca7d4faa1ecba2f40a55b536f871624fb9
FormBook
489d3efd8b97c389697e1851b7c4351b28725dca02d2550b2c4e3770d747bc97
FormBook
490a783bc399cb6dd9b64ecc8d0f909830fe1a351d18f148493fcdf6eefb52cd
FormBook
4dcaa189e4b595f7c2ea35bf30bcbee49f9f9c2a3bbe16d832a30c8df30c2a88
FormBook
84c1cc6183b56cc7983f93d265089e781d809648f4eb6d0a7a597244009b480c
FormBook
9d28d2b3cdf1132a476d9369c8226dd825be71fff0fe59de8eabc8771e4333e7
FormBook
a5a17e29758a200bd8bd3805f5b1f292a236ee994274033ee1953ec7e9690db3
FormBook
b042e4bdfe19df2aa474fd5e2294aecc9a07d447c96466db7a7e20316d885634
FormBook
cc84debcfc3e30a4b682bb53e028acb0a75d56607ab25b2418797f65a7e6efb7
FormBook
d7083f1007834bbc16f0b6d2ee0e1e2b9e79a04af2a2e21f2d2682c9dff939eb
FormBook
+ 4'924 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

r00 aa007effecd7fac4a70c20b8ddbd206abe525f130f957c3e50e518e6c1cc09f5

FormBook

Executable exe 730fd544eac15f337f3d2acfd6473f2ab1d8037da100855ca93cdc88f9edf681

(this sample)

  
Dropped by
MD5 7da18f27f8aa1f96c571b32e76d099d8
  
Dropped by
SHA256 aa007effecd7fac4a70c20b8ddbd206abe525f130f957c3e50e518e6c1cc09f5
  
Delivery method
Distributed via e-mail attachment

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments