MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ed1841d319e162e3e7dd76f1345eb7ea7e48af8c4239853b4ddcc56a145ac796. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 3



SHA256 hash: ed1841d319e162e3e7dd76f1345eb7ea7e48af8c4239853b4ddcc56a145ac796
SHA3-384 hash: 2abe04020e23bec0e16839d06695f712c79164b59a61530327daf9c6a154a8320fcd3c8c4b36c69aa58c8e15a268a537
SHA1 hash: 1151991c31713ffb93f65d6e5b0c7c66491b8f54
MD5 hash: 6cae12425d09ea2314e614bef755a648
humanhash: california-mike-spaghetti-carolina
File name: PO PL.img
Signature: Formbook
File size: 921'600 bytes
First seen: 2020-10-19 07:24:39 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:WJWqs0/eP09AVZO+36XIMY+oPZrG87kaIT2lGEjYxM0kZ5i1Shn:Bqs0GPHVZB6XnqPQ8QnCXiM41Shn
TLSH: 3B158D391A949F54E07C9733E8A4244097FBEC03D336C65E7DE9398E0EB1B958223746
Reporter: abuse_ch
Tags: FormBook img t-online


abuse_ch
Malspam distributing Formbook:

HELO: mailout09.t-online.de
Sending IP: 194.25.134.84
From: Peter randy <ursula.strauss@t-online.de>
Subject: RE: RE: PURCHASE ORDER:DKSB ADM (P) 100-2020 SMARTFAC
Attachment: PO PL.img (contains "PO PL.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 88
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-10-19 03:33:34 UTC
AV detection: 13 of 29 (44.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  Formbook
    img ed1841d319e162e3e7dd76f1345eb7ea7e48af8c4239853b4ddcc56a145ac796 (this sample)
      Dropping: Formbook

Delivery method: Distributed via e-mail attachment