MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a34567e40446f65be0a1e370f4e0e883a2d04da3db449f8293dec4512de01da4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: a34567e40446f65be0a1e370f4e0e883a2d04da3db449f8293dec4512de01da4
SHA3-384 hash: 9bad8724d907759c28017a6e21301bb9edc334687ffff21d289a3dae9872a224b511663a87f6c4481771d320e73af518
SHA1 hash: 3223509a57f6f5a70504a28ac176a85e8fc1de36
MD5 hash: fbd8d0bdcbad50225530680b185d9e62
humanhash: mike-pasta-california-paris
File name: PLAN ORDER DURAN.zip
Signature: Formbook
File size: 811'402 bytes
First seen: 2020-10-21 09:58:22 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:SV1rmefA2C7qkUmpwuy+JVL+Md6awYTJPUAaZisLR0YxjVggM4SZKx:CNfxC7fUmS0VL+CIYTJ8JRDDtH7x
TLSH: 1B05230E2599CE545C3D253BA4EB1B0FA2377A49F6C10352F3D41A0D97ABB08E94C7A3
Reporter: abuse_ch
Tags: FormBook, zip


abuse_ch
Malspam distributing Formbook:

HELO: mail.intabina.com
Sending IP: 113.23.216.119
From: azhar@intabina.com <azhar@intabina.com>
Reply-To: azhar@intabina.com
Subject: New order Duran - Oct 2020
Attachment: PLAN ORDER DURAN.zip (contains "PLAN ORDER DURAN.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-10-21 01:04:48 UTC
AV detection: 23 of 48 (47.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip a34567e40446f65be0a1e370f4e0e883a2d04da3db449f8293dec4512de01da4 (this sample)

Dropping: Formbook
Delivery method: Distributed via e-mail attachment
