MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d40207cb915c24a992e6c0beb0b489d26d16c84e68415daa49d1b7b8d7b73ecb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: d40207cb915c24a992e6c0beb0b489d26d16c84e68415daa49d1b7b8d7b73ecb
SHA3-384 hash: 7ff273885a2d24074e53466587529e0e2236f4ef30fb1d94517e880476265e8d9682df8bf18a75402377105beca34150
SHA1 hash: 72c091de86b7ec205fea43a6c5c04b9ec2bc5d06
MD5 hash: 3faf3940773336d74d805c678d02be40
humanhash: harry-golf-cat-alanine
File name: 4700011885 spirit airline spares purchase order-romaero.pdf.rar
Signature: Formbook
File size: 606'388 bytes
First seen: 2020-12-05 15:23:50 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:R14D6FKpjtKtksaJSs+x4gVv7KIe3XzACJYfOV7MV0GdfE+wsaB0Z:IXrpsaB5gobXzxeWV7N2z
TLSH: DFD433FE6F22BA1A96792E5AC3A71A21843FBC04D86E71C53F3023DA866116C1D85375
Reporter: abuse_ch
Tags: FormBook rar


abuse_ch
Malspam distributing Formbook:

HELO: spiritaero.com
Sending IP: 156.96.62.84
From: Nick Dryburgh <nick.dryburgh@spiritaero.com>
Reply-To: Nick Dryburgh <r3.crcoeurocontrol.ints@gmail.com>
Subject: ROMAERO - SPIRIT AIRLINE SPARES PURCHASE ORDER - 4700011885
Attachment: 4700011885 spirit airline spares purchase order-romaero.pdf.rar (contains "4700011885 spirit airline spares purchase order-romaero.pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 357
Origin country: n/a
Vendor Threat Intelligence
Result
Gathering data
Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2020-12-05 15:24:06 UTC
AV detection: 15 of 48 (31.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar d40207cb915c24a992e6c0beb0b489d26d16c84e68415daa49d1b7b8d7b73ecb (this sample)

Dropping: Formbook
Delivery method: Distributed via e-mail attachment

Comments