MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 db104e159211f9f56991ac063b2363d587de51a58fa2baf51b5f3a14b37025b3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: db104e159211f9f56991ac063b2363d587de51a58fa2baf51b5f3a14b37025b3
SHA3-384 hash: 26411e005b53f14632192607afbdc663b2100af356cddb73eb7a0ecb401449a7be2be816f175386abbf1d6f3650bf7d1
SHA1 hash: bad934f5786602fa5b52e533711aad823121faab
MD5 hash: f502d35d59e1626a206be529310aad88
humanhash: carbon-yankee-south-enemy
File name: slip.zip
Signature: Formbook
File size: 389'874 bytes
First seen: 2020-10-22 07:50:14 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:2gMgcDvQ3te96CGBo2HNXgRCjjbZSS51RTP8MM9CtseHIW+Hpng7ChSE:5MgWQ3I2t1Py9kHHcRg7ChSE
TLSH: 728423486C7222FAD5FCB078F41A605589B863B7A6A2C8F45347C313FE2653D790D939
Reporter: abuse_ch
Tags: FormBook zip


abuse_ch
Malspam distributing unidentified malware:

HELO: newserver1.nexusmediaworks.com
Sending IP: 43.252.214.38
From: sharon@merryprice.com
Subject: BANK IN SLIP
Attachment: slip.zip (contains "slip.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 86
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-10-22 04:26:31 UTC
AV detection: 23 of 29 (79.31%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip db104e159211f9f56991ac063b2363d587de51a58fa2baf51b5f3a14b37025b3 (this sample)

Delivery method: Distributed via e-mail attachment
