MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ae0aa8500764226ac534733e885e8650b86207802cb9e37e94872a236ffc49d6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ae0aa8500764226ac534733e885e8650b86207802cb9e37e94872a236ffc49d6
SHA3-384 hash: c41f4e32b6c48703fffb8d3141d2a4d6e1c8dc6c4be699d0908a25f22ad1a58fe192338a6542bfaceca8832324deb7e6
SHA1 hash: 1c08e91171781824867002b8f5deb4164885703d
MD5 hash: 88de95a3ad0967fc44fee99f62f6d37b
humanhash: lemon-romeo-golf-black
File name:Additional_2021_Agreement_KYC.iso
Download: download sample
Signature Formbook
Create hunting rule
File size:1'507'328 bytes
First seen:2021-01-03 10:50:33 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:zk3I7BX/woEE5GfYKuI8NaBX7c9xlen7nMqpk0DUzCR7FN+jlZ9EzY3AL5O2yhLm:Yq/CEGYDHaBW0vkOUzhZmK2yhLm26lP
TLSH D265AD26E7A9AB01F1BD5775C4B5486082F9BC12A662E93F7CE8349D0BB1BDC0531732
Reporter abuse_ch
Tags:FormBook iso


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: mail.camtel.cm
Sending IP: 165.210.32.134
From: Esther ZANGA OSSOMO <Esther.ZANGA@camtel.cm>
Subject: NEW AGREEMENT 2021
Attachment: Additional_2021_Agreement_KYC.iso (contains "2021 Additional Agreement.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
174
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.35975056.18616.25524.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ae0aa8500764226ac534733e885e8650b86207802cb9e37e94872a236ffc49d6/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-01-02 09:37:27 UTC
AV detection:
8 of 47 (17.02%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vyfkquahmqrgvrjuom7iqxugkc4geb4afs46g7uuq4vcg374jhla._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Eldorado
Score:
0.90
Link:
https://yomi.yoroi.company/submissions/ae0aa8500764226ac534733e885e8650b86207802cb9e37e94872a236ffc49d6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

iso ae0aa8500764226ac534733e885e8650b86207802cb9e37e94872a236ffc49d6

(this sample)

Formbook

Executable exe 4924681f7988a37fccc12475b5cf9fa0013fb00d1a8da2dfc4c4e25236b35d7d

  
Dropping
MD5 3dbb0741225883b19c1ddd75e9c0c026
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4924681f7988a37fccc12475b5cf9fa0013fb00d1a8da2dfc4c4e25236b35d7d

Comments