MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 de135c13a8b94043d1be7478994ac948b85b99635394a6a144397f4a92562222. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: de135c13a8b94043d1be7478994ac948b85b99635394a6a144397f4a92562222
SHA3-384 hash: 8f77585f0f2cb3eb197d711cd35ddcf8c0ab837bcfd57f5751432b16230b74b1ae4ea3f886905ad08fe8ecd3503a85bf
SHA1 hash: 3fc32a59102e77c1c33ba478ec9e1b03b511538d
MD5 hash: ca8de0272a16d4b1aacd5adaa77a3711
humanhash: mockingbird-delaware-tango-mirror
File name:Quotation RequestOctober Order.r00
Download: download sample
Signature Formbook
Create hunting rule
File size:698'101 bytes
First seen:2020-10-21 09:52:59 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 12288:bdLWdKgqdfLNIXsOxgwWHg2gi75e1tMd6ekgASYmh3UpZVLUIHBzqrz8tKr9TgDl:ZHPLJF+4e1gugppNiZPHBzqrzRZarlz7
TLSH ECE4239DCAD0580B9A7EA5395303AF23D322B09D801564F1CEBBEB2EC6551BF5F91039
Reporter abuse_ch
Tags:FormBook r00


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: astronlighting.com
Sending IP: 103.141.138.124
From: manager@astronlighting.com
Subject: New Order 10-2020
Attachment: Quotation RequestOctober Order.r00 (contains "Quotation Request(October Order).exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Rogue.0hr.20201022-0752.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/de135c13a8b94043d1be7478994ac948b85b99635394a6a144397f4a92562222/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-10-21 02:45:31 UTC
AV detection:
18 of 29 (62.07%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3yjvye5ixfaehun6or4jsswjjc4fxgldkokknikehf7uvesweira._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

r00 de135c13a8b94043d1be7478994ac948b85b99635394a6a144397f4a92562222

(this sample)

Formbook

Executable exe 798fa0661cf2b36f6d0a4442ad217f36549a3398b7c7a885c683de0b8899b237

  
Dropping
MD5 c7c3555d0ac6dc1ea84cc8d74542f3c9
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 798fa0661cf2b36f6d0a4442ad217f36549a3398b7c7a885c683de0b8899b237

Comments