MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df1f19f5e23dfa70466d8fc1df2ca5e699cdbe7a2c83e077914f4ec74445088e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 4



SHA256 hash: df1f19f5e23dfa70466d8fc1df2ca5e699cdbe7a2c83e077914f4ec74445088e
SHA3-384 hash: 09af89468e4313d4e35e30e174d4a4d9613a541aa238c7729dfe5ba8882cde8a27a0f1539f45ce329f112a7bbd463935
SHA1 hash: 2282f492e73479397e9b4dad22591961327f4895
MD5 hash: 568fa7becac49bd0989b0aace4ed86d0
humanhash: lima-stream-oscar-spaghetti
File name: B of L - way bill return.rar
Signature: Formbook
File size: 536'552 bytes
First seen: 2021-04-07 05:53:03 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:N672iekugeF8T+AJNUvaHBt+KzQx+sRf0Vddu+wAWFNwv9K:NotekugB/+si+sOVddZwFrIK
TLSH: 24B423D2786728EA0879E55CD8C06E831E547ED442219314836A99EF0E33FFBA5534BF
Reporter: abuse_ch
Tags: rar


abuse_ch
Malspam distributing unidentified malware:

HELO: ns6.uzinfocom.uz
Sending IP: 91.212.89.55
From: namangan@akmt.uz
Subject: Fwd: B/L is wrongly
Attachment: B of L - way bill return.rar (contains "B of L - way bill return.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 88
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2021-04-07 05:54:05 UTC
AV detection: 8 of 48 (16.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar df1f19f5e23dfa70466d8fc1df2ca5e699cdbe7a2c83e077914f4ec74445088e (this sample)

Delivery method
Distributed via e-mail attachment
