MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dfbbbe2eb46a0575def0cf92204de33b435a2680ac2f34ccc7ff6e250fea1717. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dfbbbe2eb46a0575def0cf92204de33b435a2680ac2f34ccc7ff6e250fea1717
SHA3-384 hash: 6b626c69b89e6dfe0a229a72806efaf3f191dfebbe81884ca24d73fdff284baf4cfe40c25abc1fdb7f7e9e700337039d
SHA1 hash: 00cab5cf4149c334a175d7c2c04ec7388bf00dc4
MD5 hash: eb70a3fb620518b8b05c10b6bd39b60c
humanhash: harry-single-shade-music
File name:Mv Maersk Kleven V949E_pdf.xz
Download: download sample
Signature Formbook
Create hunting rule
File size:593'305 bytes
First seen:2021-01-15 07:15:28 UTC
Last seen:Never
File type: xz
MIME type:application/x-rar
ssdeep 12288:JKyElUSthda0tGF3FSmJ411p9+MJo8a0IF5sBr/MlxZ6M0AiNMHTxUq5Op7:JKQAaOYtO11p9+P8TIFep/sSMd/r5+
TLSH F5C423CABFA819B5F44E71FA94639E2364EC832109C92F58ED064B79FC3D69145BC188
Reporter abuse_ch
Tags:FormBook Maersk xz


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: vm4983.aproweb.it
Sending IP: 217.64.205.19
From: A.P. Moller - Maersk <info@hoteldaltavilla.it>
Subject: RE : RE : URGENT!!! 2 x 20ft - SHIPPING DOC BL,SI,INV#462345 // MAERSK KLEVEN V.949E // CLGQOE191781 //
Attachment: Mv Maersk Kleven V949E_pdf.xz (contains "Mv Maersk Kleven V949E_pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
161
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27382.Rar5Heur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/dfbbbe2eb46a0575def0cf92204de33b435a2680ac2f34ccc7ff6e250fea1717/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-01-15 06:18:00 UTC
AV detection:
11 of 46 (23.91%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=36534lvunicxlxxqz6jcatpdhnbvujuavqxtjtgh75xckd7kc4lq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/dfbbbe2eb46a0575def0cf92204de33b435a2680ac2f34ccc7ff6e250fea1717

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

xz dfbbbe2eb46a0575def0cf92204de33b435a2680ac2f34ccc7ff6e250fea1717

(this sample)

Formbook

Executable exe a078d966a3ac5a7ac639b01ba4d3230c7554d7d75e9e7f59dc35b623aec8dbda

  
Dropping
MD5 b86abf15be6a1c7027e7a89ea3d821ca
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a078d966a3ac5a7ac639b01ba4d3230c7554d7d75e9e7f59dc35b623aec8dbda

Comments