MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8249750375d83ace56f289f2c37811ca35b51241ebcff962fc3bb84a18e4fcf3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8249750375d83ace56f289f2c37811ca35b51241ebcff962fc3bb84a18e4fcf3
SHA3-384 hash: 9da7347cf8e3f6f9c3913de7207b7ae8fb21108278f8135f192d93ec9f554473038bdd587025a3e1c336aa487878c4eb
SHA1 hash: 7f49e7106f833d70c178bfb618a5d5e7c5cefdd9
MD5 hash: 35a208c3a2c10d3cbdae6c00094aa1d6
humanhash: two-salami-juliet-single
File name:PAHO World Health Organization.zip
Download: download sample
Signature Formbook
Create hunting rule
File size:622'574 bytes
First seen:2020-10-20 11:47:14 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:nK747R1wMesKkyMVw9zWSriF/hqAlIdrj0Wyoi38MyTj/rK+4ohPR:nKU7s+5q91rCXydrj2psMyu4R
TLSH DFD423DA1050440DCD126F95A0B91429B66370C0726FDDBE0AA7F185DF813ABFB9B8F8
Reporter abuse_ch
Tags:FormBook WHO zip


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: spuredgecorp.com
Sending IP: 192.236.160.195
From: Dr Carlos Garzon Becerra <garzonc@paho.org>
Reply-To: garzonc.paho@teachers.org
Subject: PAHO World Health Organization / solicitud de presupuesto
Attachment: PAHO World Health Organization.zip (contains "PAHO World Health Organization.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
102
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.WZA.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8249750375d83ace56f289f2c37811ca35b51241ebcff962fc3bb84a18e4fcf3/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-10-20 11:49:04 UTC
AV detection:
5 of 48 (10.42%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qjexka3v3a5m4vxsrhzmg6arzi23kesb5ph7syx4ho4eughe7tzq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.87
Link:
https://yomi.yoroi.company/submissions/8249750375d83ace56f289f2c37811ca35b51241ebcff962fc3bb84a18e4fcf3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 8249750375d83ace56f289f2c37811ca35b51241ebcff962fc3bb84a18e4fcf3

(this sample)

Formbook

Executable exe c5bfbac52396976e672116e5fb07d6cae05d2b07b749d08283a26bcf29677dbe

  
Dropping
MD5 d43da6113a21cd0c01294c1ca7b2c23f
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c5bfbac52396976e672116e5fb07d6cae05d2b07b749d08283a26bcf29677dbe

Comments