MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 d0420a6724f935af0652fbe1d36570e1ceb6e22b20bc050de70f194b847df0d1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Formbook
Vendor detections: 3
| SHA256 hash: | d0420a6724f935af0652fbe1d36570e1ceb6e22b20bc050de70f194b847df0d1 |
|---|---|
| SHA3-384 hash: | d483d0e52453fc6484ea9e874d26aee39e27579f2665648e2dfb763d450864cfa28cc8b428eaaae3e07aa52f16912c8f |
| SHA1 hash: | 7981b4b1095c4db552dcd2fb4e8c7f24270c7e58 |
| MD5 hash: | dd161e0ad5f1c8512d790afd5848f1fa |
| humanhash: | red-jersey-charlie-illinois |
| File name: | remittance copy.rar |
| Download: | download sample |
| Signature | Formbook |
| File size: | 673'068 bytes |
| First seen: | 2020-12-15 06:27:32 UTC |
| Last seen: | Never |
| File type: | rar |
| MIME type: | application/x-rar |
| ssdeep | 12288:V+TQHP+/ZSgM/pQxQA94J1XczNLe9Lq+FgZkgg5QX03khXV/fX+66:Xv+/Y/2xz9g1MzEjmegK3k5V76 |
| TLSH | 14E423E23444B7373DE3815A67083302D397EA091F6952D461AF3EA60AF57269AFC4F0 |
| Reporter | |
| Tags: | FormBook rar |
cocaman
Malicious email (T1566.001)From: "Saludos cordiales.<cleclerc@grainesvoltz.com>" (likely spoofed)
Received: "from grainesvoltz.com (unknown [103.99.1.144]) "
Date: "14 Dec 2020 20:58:43 -0800"
Subject: "RE: bank remittance"
Attachment: "remittance copy.rar"
Intelligence
File Origin
# of uploads :
1
# of downloads :
127
Origin country :
n/a
Vendor Threat Intelligence
Result
Gathering data
Threat name:
Win32.Trojan.AgentTesla
Status:
Malicious
First seen:
2020-12-15 05:22:42 UTC
File Type:
Binary (Archive)
Extracted files:
15
AV detection:
13 of 26 (50.00%)
Threat level:
5/5
Detection(s):
Malicious file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Delivery method
Distributed via e-mail attachment
Dropping
Formbook
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.