MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d0420a6724f935af0652fbe1d36570e1ceb6e22b20bc050de70f194b847df0d1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d0420a6724f935af0652fbe1d36570e1ceb6e22b20bc050de70f194b847df0d1
SHA3-384 hash: d483d0e52453fc6484ea9e874d26aee39e27579f2665648e2dfb763d450864cfa28cc8b428eaaae3e07aa52f16912c8f
SHA1 hash: 7981b4b1095c4db552dcd2fb4e8c7f24270c7e58
MD5 hash: dd161e0ad5f1c8512d790afd5848f1fa
humanhash: red-jersey-charlie-illinois
File name:remittance copy.rar
Download: download sample
Signature Formbook
Create hunting rule
File size:673'068 bytes
First seen:2020-12-15 06:27:32 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:V+TQHP+/ZSgM/pQxQA94J1XczNLe9Lq+FgZkgg5QX03khXV/fX+66:Xv+/Y/2xz9g1MzEjmegK3k5V76
TLSH 14E423E23444B7373DE3815A67083302D397EA091F6952D461AF3EA60AF57269AFC4F0
Reporter cocaman
Tags:FormBook rar


Avatar
cocaman
Malicious email (T1566.001)
From: "Saludos cordiales.<cleclerc@grainesvoltz.com>" (likely spoofed)
Received: "from grainesvoltz.com (unknown [103.99.1.144]) "
Date: "14 Dec 2020 20:58:43 -0800"
Subject: "RE: bank remittance"
Attachment: "remittance copy.rar"

Intelligence

File Origin
# of uploads :
1
# of downloads :
127
Origin country :
n/a
Vendor Threat Intelligence
Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d0420a6724f935af0652fbe1d36570e1ceb6e22b20bc050de70f194b847df0d1/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-12-15 05:22:42 UTC
File Type:
Binary (Archive)
Extracted files:
15
AV detection:
13 of 26 (50.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2bbauzze7e226bss7pq5gzlq4hhlnyrlec6akdphb4muxbd56diq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/d0420a6724f935af0652fbe1d36570e1ceb6e22b20bc050de70f194b847df0d1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar d0420a6724f935af0652fbe1d36570e1ceb6e22b20bc050de70f194b847df0d1

(this sample)

Formbook

Executable exe 1c1b7da24da155de4bfc0447f6b191cc1d4fe6af50f5663503cdb039029da222

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1c1b7da24da155de4bfc0447f6b191cc1d4fe6af50f5663503cdb039029da222
  
Dropping
Formbook

Comments