MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c47ad7c2af978d44f3d3a10734b1ddd9722bbc3327a8ed91709bd50d50c0ee55. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: c47ad7c2af978d44f3d3a10734b1ddd9722bbc3327a8ed91709bd50d50c0ee55
SHA3-384 hash: abd6cf54adb982bffbca58471be22e52488b085add70be4d1fe093046308b323c2bc2604e7aa7b8a031f608932d08de3
SHA1 hash: cacc8ee305463d600b6ad589243541a77833cb82
MD5 hash: e3aba92d975f08f6b163badf7b1a0a14
humanhash: harry-april-charlie-blue
File name: Q10938293.pdf.gz
Signature: Formbook
File size: 642'928 bytes
First seen: 2020-10-13 07:56:17 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 12288:HCkF4naqb7f57HpwSOB/2WZ9YsjKd3yyQcyUtty1vtM83mYbz:UbjpwhB/2U9YsjKdimjy1lMXYf
TLSH: 86D4230B27D9C898BD4FEF5A9101550E79CB9791C9CE23170275BA2758FF82B4E4CA18
Reporter: abuse_ch
Tags: FormBook, gz


abuse_ch
Malspam distributing Formbook:

HELO: mail.forecastle-shipping.com
Sending IP: 202.93.27.5
From: Tri Abriyanto (Edo) <tri.abriyanto@heintlogistics.com>
Subject: Fwd: CTS RFQ#IM201014BID , CIP AIR SHIPMENT FM HKG-CGK
Attachment: Q10938293.pdf.gz (contains "Q10938293.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 100
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Agensla
Status: Malicious
First seen: 2020-10-12 15:37:46 UTC
AV detection: 16 of 48 (33.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Sample: gz c47ad7c2af978d44f3d3a10734b1ddd9722bbc3327a8ed91709bd50d50c0ee55 (this sample)
Dropping: Formbook
Delivery method: Distributed via e-mail attachment

Comments