MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7414df7b06b0fafeee2eda549c8049582eb90d46783ba398e6319315ac81e41d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: 7414df7b06b0fafeee2eda549c8049582eb90d46783ba398e6319315ac81e41d
SHA3-384 hash: 08b5a2524c61ef865f283289b23b809de8a0f01505b64a306c3251e65553498a81bd85c50410b180548539a9f1276796
SHA1 hash: d8e5a96d87ca13812698a34a3a2c55a9964ab937
MD5 hash: e88e8ce6d68c7c8037c1b269dd15691c
humanhash: lamp-fifteen-one-maryland
File name: Proforma Invoice PDF.r00
Signature: Formbook
File size: 528'187 bytes
First seen: 2020-10-22 06:52:29 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 6144:wWoA6KjqhvrKTL6bq/09SeZJjed9E1EIHwBvMGMnWVDeAPZO7zEirshm08JND/hq:imOOTui0pad98JNB9A0DFV37yISbIq
TLSH: D2B423AC8D6D1115BBC60CA6407B76108069D7FBDC1E089109FA5F0B7EB85B5F13ABB8
Reporter: abuse_ch
Tags: FormBook r00


abuse_ch
Malspam distributing Formbook:

HELO: morganplc.com
Sending IP: 103.141.138.124
From: Esther Ruiz <Esther.Ruiz@morganplc.com>
Subject: Proforma Invoice Request
Attachment: Proforma Invoice PDF.r00 (contains "Proforma Invoice PDF.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-10-22 02:10:46 UTC
AV detection: 20 of 47 (42.55%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

r00 7414df7b06b0fafeee2eda549c8049582eb90d46783ba398e6319315ac81e41d (this sample)

Dropping: Formbook
Delivery method: Distributed via e-mail attachment
