MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8860566d20c994ba8a2a0446b7708a263422fd874e9d8997ac3e7b9929c8848b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 3

SHA256 hash: 8860566d20c994ba8a2a0446b7708a263422fd874e9d8997ac3e7b9929c8848b
SHA3-384 hash: c25c61e1f4fcbd0e3b96ceada264a8635b7aa89ea38561054dbce437df41eba74a2a3c5d744cb7d35ea226dea0d9c915
SHA1 hash: 1d643570b5a7ad20d8495b59d57f3d49422e5ed0
MD5 hash: 1b789dc789bbb54c371ec15cca8b4469
humanhash: berlin-michigan-october-north
File name: SHIPPING COMPANY slip-002044040440.r11
Signature: Formbook
File size: 399'587 bytes
First seen: 2020-12-08 07:51:57 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:T8TjGH6rcaZae72HFLxLw/VRRrIi24vJDhHluD7+i85liP/JEk4K8BqFuTpS+Q:T8OHFa1glxCRT3FuDSi85liP/aRSr
TLSH: 628423CEE7F3821534642C95A23F1854A8EFE1C69EF36AF981450750C7E9F7098C6B68
Reporter: abuse_ch
Tags: r11


abuse_ch
Malspam distributing unidentified malware:

HELO: host8.axxesslocal.co.za
Sending IP: 154.0.175.45
From: info@aas-shipping.com
Subject: shipping & payment papers- 2 copies
Attachment: SHIPPING COMPANY slip-002044040440.r11 (contains "payment slip-002044040440.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 134
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-12-08 07:52:12 UTC
AV detection: 11 of 48 (22.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Formbook
rar 8860566d20c994ba8a2a0446b7708a263422fd874e9d8997ac3e7b9929c8848b (this sample)

Delivery method: Distributed via e-mail attachment