MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d5a17791f5169c432bd8956a57b801c65ad9bfd4a3b12478a0240be2bd08ceca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: d5a17791f5169c432bd8956a57b801c65ad9bfd4a3b12478a0240be2bd08ceca
SHA3-384 hash: 9872c9984b41e06874a78df4e5bb08cf5683ffeb950889077b4e6adf2924824c359a611743560b5c0f69a21ecaee5315
SHA1 hash: cbc97c63252f04f3ec1bdc0758fb39c7467a67ec
MD5 hash: b808bd53f4b57ba9286d155b552b62bb
humanhash: pennsylvania-ceiling-oranges-tennis
File name: Vendors Form,doc.r09
Signature: FormBook
File size: 273'180 bytes
First seen: 2020-07-06 06:27:56 UTC
Last seen: Never
File type: r09
MIME type: application/x-rar
ssdeep: 6144:8ligBHofESs6lblM7lRz5L87e8OmE3Dyzy:ijocRG+lRFL4ev5T
TLSH: 4D442306EB7FDF33D61EA68443FAA0045F884C137717E109D72B1BAB635A694D46E88C
Reporter: abuse_ch
Tags: FormBook r09


abuse_ch
Malspam distributing FormBook:

HELO: airliquide.com
Sending IP: 103.125.191.31
From: TSHABALALA, Mandla <mandla.tshabalala@airliquide.com>
Subject: Vendors Payment-Form
Attachment: Vendors Form,doc.r09 (contains "Vendors Form,doc.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 78
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-07-06 06:29:05 UTC
AV detection: 14 of 29 (48.28%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

r09 d5a17791f5169c432bd8956a57b801c65ad9bfd4a3b12478a0240be2bd08ceca (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
