MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 964e4379af26d646ba1a2c8e6998d8d1c6cfab9fc66f520fc1de629ecaff7f67. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Formbook
Vendor detections: 4



SHA256 hash: 964e4379af26d646ba1a2c8e6998d8d1c6cfab9fc66f520fc1de629ecaff7f67
SHA3-384 hash: 70b83239f69e6463362fe8f707999242202ebaaa99ddbaadc69f94e418009aafea16c0ac597b62a28e7991aca13b11d5
SHA1 hash: 8bf8f716d19dd86a604ec8809415b69d812b2047
MD5 hash: 7883cfeb3de0564741ea80bc9f25b075
humanhash: xray-wyoming-sixteen-solar
File name: NAGraphics11420.img
Signature: Formbook
File size: 1'245'184 bytes
First seen: 2020-11-04 12:55:16 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:y/bNMimzG9F1wo2CpBhFZztybtCCH96cHZG:y/bNkzNoRLwP0wZG
TLSH: 7845C0167388CCB1E1A6187508B0DAB10D6CA8713D3F489BF7CD5A7ACB689C16235B5F
Reporter: cocaman
Tags: FormBook img


cocaman
Malicious email (T1566.001)
From: ""Gordon Alkerton"<office@pellyds.xyz>"
Received: "from rdns0.pellyds.xyz (rdns0.pellyds.xyz [64.227.13.128]) "
Date: "Tue, 3 Nov 2020 16:50:09 -0800"
Subject: "Inquiry from N/A Graphics Ltd"
Attachment: "NAGraphics11420.img"

Intelligence


File Origin
# of uploads: 1
# of downloads: 73
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2020-11-04 02:14:34 UTC
File Type: Binary (Archive)
Extracted files: 2
AV detection: 14 of 29 (48.28%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: Formbook
  img 964e4379af26d646ba1a2c8e6998d8d1c6cfab9fc66f520fc1de629ecaff7f67 (this sample)

Delivery method: Distributed via e-mail attachment
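A triage check for this delivery method, as an added example that is not MalwareBazaar's or the reporter's code: it parses an e-mail constructed here from the headers quoted in the report, flags disk-image container attachments (.img / ISO 9660, a wrapper Windows mounts on double-click), and compares the attachment's MD5, SHA1, SHA256 and SHA3-384 against the hashes listed on this entry. The attachment bytes are dummy data, so they will not match the real sample; the `iocs` parameter, the helper names and the recipient address are assumptions.

```python
"""Mail attachment triage: disk-image wrappers and known-bad hashes.

Added example, not code from MalwareBazaar or the reporter. The message
built by build_sample_message() is constructed from the headers quoted in
the report; its .img payload is dummy bytes, not the real sample.
"""
import email
import hashlib
from email import policy
from email.message import EmailMessage

# Hashes published on this MalwareBazaar entry (real IOCs from the page).
KNOWN_BAD = {
    "md5": {"7883cfeb3de0564741ea80bc9f25b075"},
    "sha1": {"8bf8f716d19dd86a604ec8809415b69d812b2047"},
    "sha256": {"964e4379af26d646ba1a2c8e6998d8d1c6cfab9fc66f520fc1de629ecaff7f67"},
    "sha3_384": {"70b83239f69e6463362fe8f707999242202ebaaa99ddbaadc69f94e418009aafea16c0ac597b62a28e7991aca13b11d5"},
}

# Disk-image containers used as a delivery wrapper (this campaign: .img / ISO 9660).
IMAGE_EXTENSIONS = {".img", ".iso", ".vhd", ".vhdx"}
IMAGE_MIME_TYPES = {"application/x-iso9660-image", "application/x-raw-disk-image"}


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests MalwareBazaar lists for a sample."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def triage_message(raw: bytes, iocs: dict = KNOWN_BAD) -> list:
    """Return one finding per attachment: name, size, hashes, and why it was flagged."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = name[name.rfind("."):].lower() if "." in name else ""
        payload = part.get_payload(decode=True) or b""
        digests = hash_bytes(payload)
        reasons = []
        # Container-type rule: fires regardless of what is inside the image.
        if ext in IMAGE_EXTENSIONS or part.get_content_type() in IMAGE_MIME_TYPES:
            reasons.append("disk-image container attachment")
        # Hash rule: exact match against the published IOCs.
        for algo, value in digests.items():
            if value in iocs.get(algo, set()):
                reasons.append(f"{algo} matches known MalwareBazaar IOC")
        findings.append({"filename": name, "size": len(payload),
                         "hashes": digests, "reasons": reasons})
    return findings


def build_sample_message(attachment: bytes) -> bytes:
    """Constructed message mirroring the reporter's headers (recipient is assumed)."""
    msg = EmailMessage()
    msg["From"] = '"Gordon Alkerton" <office@pellyds.xyz>'
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Inquiry from N/A Graphics Ltd"
    msg["Date"] = "Tue, 3 Nov 2020 16:50:09 -0800"
    msg.set_content("Please see the attached inquiry.")
    msg.add_attachment(attachment, maintype="application",
                       subtype="x-iso9660-image", filename="NAGraphics11420.img")
    return msg.as_bytes()


if __name__ == "__main__":
    dummy_img = b"CD001 dummy image bytes, not the sample"  # constructed payload
    for finding in triage_message(build_sample_message(dummy_img)):
        print(finding["filename"], finding["size"], finding["reasons"])
        print("  sha256:", finding["hashes"]["sha256"])
```

The container rule is the one that would have caught this message on the day it arrived; the hash rule only works once the sample has been reported, which is why both are kept.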
