MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eb0493805418d490793ba698958c9943307598cb673e762426ac1017a11411ec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 4



SHA256 hash: eb0493805418d490793ba698958c9943307598cb673e762426ac1017a11411ec
SHA3-384 hash: 979808c87fa5cd73e5890f715492d3926d12db0440ee7c1b4cf79d562ad06d8db1beaedce2a0ac1dce005eb6a4d75401
SHA1 hash: b4f84b3cfe33825e7b6e56b0d0fc02bd116676b7
MD5 hash: 77186d81e7f58892a72eab0fd2395bee
humanhash: white-salami-butter-sierra
File name: nowe zamówienie.zip
Signature: Formbook
File size: 540'201 bytes
First seen: 2020-10-19 10:31:39 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:O7Qt07uo5JMYJMUMPNxdDoL4xlH/VlELP6CuZaR4vPa53xcK:2Qt0KwMW45DgmBVUuZaRR53xcK
TLSH: B0B4232932A619C9CC439F82FFCE0D6007E0BCC9B5AA7467CB9411B51ADE8F59F6D094
Reporter: abuse_ch
Tags: geo POL zip


abuse_ch
Malspam distributing unidentified malware:

HELO: host2.himbimarket.com
Sending IP: 72.52.244.66
From: Gregor Kosec <export@filtroscartes.com>
Subject: Re: Re: zapytanie ofertowe
Attachment: nowe zamówienie.zip (contains "nowe zamówienie.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2020-10-19 08:19:33 UTC
AV detection: 10 of 48 (20.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip eb0493805418d490793ba698958c9943307598cb673e762426ac1017a11411ec (this sample)

  
Delivery method: Distributed via e-mail attachment
