MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b7d857ca50966c25916a7ebf08d85492ad7072abb3bb5bef4185ec00e7b3fa54. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: b7d857ca50966c25916a7ebf08d85492ad7072abb3bb5bef4185ec00e7b3fa54
SHA3-384 hash: 5d39cba29d4f3cc33292e7d2d89766e7ce9af9c7c274dc15a62b4f79b0b5ab24300bea41cfad0d8772897d3402e7591a
SHA1 hash: 228b2807a439aa47d60a8c9749da76f054747d3a
MD5 hash: 22b531ac945ceb985d1d61c65ed56149
humanhash: louisiana-connecticut-red-spring
File name: quotes requestss.zip
Signature: Formbook
File size: 528'645 bytes
First seen: 2020-10-26 15:52:41 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:qfbSQelc0UJpOWdp/kTfNl19mTnYb+hEq:qfb/elc0mpOI6Nl7cY6eq
TLSH: 89B42399735A9FCABC7FE0431300F48D7CA3564E6A077C97B282B03A53E66272466D1D
Reporter: abuse_ch
Tags: FormBook zip


abuse_ch
Malspam distributing unidentified malware:

From: Loganatharn.Muniandry@Honeywell.com
Reply-To: Honeywell Safety Products <purchasing@representative.com>
Subject: Quote requesting
Attachment: quotes requestss.zip (contains "quotes requestss.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 58
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-10-26 08:51:46 UTC
AV detection: 21 of 29 (72.41%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip b7d857ca50966c25916a7ebf08d85492ad7072abb3bb5bef4185ec00e7b3fa54 (this sample)

Delivery method: Distributed via e-mail attachment
