MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 beed103bd255f4c6825adfb41d6a7fb1a1d8de6f76a0b26430d317a1cf4de2a0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: beed103bd255f4c6825adfb41d6a7fb1a1d8de6f76a0b26430d317a1cf4de2a0
SHA3-384 hash: d0a84981784552d53e19c6f907bc0cfdf5380d1dd89d1094f14b4ddef7590ffcc8eace2fbbcc0ff7d76fe98f7c28e5d7
SHA1 hash: 91c1cde62027f746141fbc54c3ba38accc678975
MD5 hash: b234acaec6d94afb5f694b73f69c4465
humanhash: sodium-artist-six-muppet
File name:요청자료목록.cab
Download: download sample
Signature Formbook
Create hunting rule
File size:795'624 bytes
First seen:2020-12-17 08:31:02 UTC
Last seen:Never
File type: cab
MIME type:application/vnd.ms-cab-compressed
ssdeep 12288:jrxcuSSYkHX7hYnkYgJ9NyzEQyB+5fiJ52+iqvJCyVFcGff+sHkvpblODhdbb1dY:jrxBSSYSrhYnsUzE+0E+9LKhbi/vU
TLSH 7D052352CF2F13617C3478A11856DD519CA0353D6672AE2812EBB47F2CF43E8F68A58D
Reporter abuse_ch
Tags:cab FormBook geo KOR


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: mail-smail-vm45.hanmail.net
Sending IP: 203.133.180.233
From: 이상훈 배상 <leesy3581@hanmail.net>
Subject: 요청자료목록
Attachment: 요청자료목록.cab (contains "order.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
100
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
UNKNOWN
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/beed103bd255f4c6825adfb41d6a7fb1a1d8de6f76a0b26430d317a1cf4de2a0/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-12-17 03:15:13 UTC
AV detection:
21 of 48 (43.75%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=x3wrao6skx2mnas2362b22t7wgq5rxtpo2qlezbq2ml2dt2n4kqa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Formbook
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/beed103bd255f4c6825adfb41d6a7fb1a1d8de6f76a0b26430d317a1cf4de2a0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

cab beed103bd255f4c6825adfb41d6a7fb1a1d8de6f76a0b26430d317a1cf4de2a0

(this sample)

Formbook

Executable exe 5827618e631faa0da77858e8849358e5f1e811c62986700aa1f33cf4e26ce516

  
Dropping
MD5 cc220989bd9311e494f9b7830e95ff5a
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5827618e631faa0da77858e8849358e5f1e811c62986700aa1f33cf4e26ce516

Comments