MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 93d60bc86f162809dac87051b5ede24533af21ed5c4b7b70fdf4590f100d6075. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 93d60bc86f162809dac87051b5ede24533af21ed5c4b7b70fdf4590f100d6075
SHA3-384 hash: 35b3e17eae259681bc211b275c87ef20e84f947d309ab9eac27a3ba128caeee2fcd7e8f3e97f805b1fa5b31451e4873f
SHA1 hash: 68d50a0c2e3dd3e03239593e36ed842d087681b7
MD5 hash: c24894b9052f318f5f27c9c06ce38574
humanhash: thirteen-social-four-grey
File name: Dco.rar
Signature: FormBook
File size: 292'930 bytes
First seen: 2020-06-12 06:29:20 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:/xNAwZJdrKGsxXtVUVdZmIM+s8Dhu/PaeP+g+KLw:/Awl0dVUVnj3u/LWgzw
TLSH: 6F5423737746CAD652632B10E543CB001AB061A21525F180FAE13B67F5DC1ECEEAA5BF
Reporter: abuse_ch
Tags: FormBook rar Yahoo


abuse_ch
Malspam distributing FormBook:

HELO: sonic301-30.consmr.mail.ne1.yahoo.com
Sending IP: 66.163.184.199
From: abdul rehman memon <seyani_1234@yahoo.com>
Subject: FW: Payment Transfer
Attachment: Dco.rar (contains "Dco.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-06-12 06:31:07 UTC
AV detection: 17 of 29 (58.62%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 93d60bc86f162809dac87051b5ede24533af21ed5c4b7b70fdf4590f100d6075 (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
