MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 858163fdbb9de75b6c5e4a028800c6038a14c71401a0fb479d17ea53dba626ba. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: 858163fdbb9de75b6c5e4a028800c6038a14c71401a0fb479d17ea53dba626ba
SHA3-384 hash: bfaac84beaa6b15b3bec08c7518f2faf5b4c3c10c903b91d64dfacf0eefb32f0e2ce7bf95e4c237734502fc22badcf03
SHA1 hash: f5978bbc1f24550cc6598d6ab803bee6201c6169
MD5 hash: 70ae0306b0d434be58402ca099ba00fb
humanhash: ack-earth-friend-spring
File name: Swift Copy.7z
Signature: Formbook
File size: 528'493 bytes
First seen: 2020-10-22 07:40:46 UTC
Last seen: Never
File type: 7z
MIME type: application/x-rar
ssdeep: 12288:WoIxBgqH3oN0ZSdMg3Ga6NwFKG+uYvOoXGaDOQeLFbK3WZGVSo77SN:WoCW63rZkMiz4GAOaOe3fT7C
TLSH: 24B4239D39F187C63E9A22D228B82C36492AFFD595804DC737C2145166D9796FCF3C88
Reporter: abuse_ch
Tags: 7z FormBook


abuse_ch
Malspam distributing unidentified malware:

HELO: rdns0.hyterm.xyz
Sending IP: 134.209.44.46
From: Zainul<office@teleaurd.xyz>
Reply-To: <friding7@gmail.com>
Subject: RE: RE: New Order
Attachment: Swift Copy.7z (contains "PI209174.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 77
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-10-22 02:44:31 UTC
AV detection: 17 of 29 (58.62%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

7z 858163fdbb9de75b6c5e4a028800c6038a14c71401a0fb479d17ea53dba626ba (this sample)

Delivery method: Distributed via e-mail attachment
