MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eca4db09fb469050b2ff416d51191b37ffa348c487d1875a2c23d2118e824a5e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 5



SHA256 hash: eca4db09fb469050b2ff416d51191b37ffa348c487d1875a2c23d2118e824a5e
SHA3-384 hash: 3aa94f0f2d1d8492d9967c97b3bbf631127624e71e9ffc43c55b01d644b5d67a20ff600e3c14d0cfa2c731ac5fd1faf9
SHA1 hash: 824a02f30963a7f423949c81a30e9595514cf1d6
MD5 hash: c683a1ee652beb96efdbdb0b68de0c3a
humanhash: uniform-angel-hawaii-steak
File name: PI.zip
Signature: Formbook
File size: 1'239'176 bytes
First seen: 2021-01-19 07:37:53 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:FBuDuXGG2/9PKev7AjScf/IuBF10zXmNGw/E8o2z3Bjx6CLato3VRD:KGZmFLARnbF+z2NGd8o2zxjQCHVRD
TLSH: CB4533982521A130590B9B5627CFE897B9A6097D5F48C3A05F8CB025DD992FB3C273FC
Reporter: abuse_ch
Tags: FormBook zip


abuse_ch
Malspam distributing Formbook:

HELO: MAIL.rct.rct
Sending IP: 72.35.40.110
From: Ashraf Noshy <user@reedcitygroup.com>
Reply-To: Ashraf Noshy <info@lagrassamasonry.com>
Subject: Re: Confirm Payment Asap Pls
Attachment: PI.zip (contains "Bank details.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 178
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2021-01-19 07:38:20 UTC
AV detection: 10 of 46 (21.74%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip eca4db09fb469050b2ff416d51191b37ffa348c487d1875a2c23d2118e824a5e

(this sample)

  
Dropping: Formbook
Delivery method: Distributed via e-mail attachment
