MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f318498366c1759eadbbc3b67a64c7f85f828f79bac7b54e998a59adb468f348. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: f318498366c1759eadbbc3b67a64c7f85f828f79bac7b54e998a59adb468f348
SHA3-384 hash: a692ae57bb8ff5ee8bbac3b1616708750878bd7f56477b71a191c8e691293af7364142f44ff5efff3d112f6aed34d8fc
SHA1 hash: fb9f9879b4e010ad460c578fc77a14bf23dfd056
MD5 hash: b5723b81374b2f6bebd841f8c172172f
humanhash: july-fanta-pasta-magnesium
File name: HBSCXXX6.rar
Signature: Formbook
File size: 741'912 bytes
First seen: 2021-02-06 08:26:58 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:PN1kR3TWGqG5SBMkc0jrM5os4/LaFEqFMiSnO3uAnQhxeMBl4x2FH/JoHNKrDdys:V1kR3CxaKMkc0WuDaSqGO3ygylE8BjO6
TLSH: DDF4334E6D5E78F2B41EDB1D044854520829A3347BE3DD7FD66CA1303AAD68E0943DEB
Reporter: abuse_ch
Tags: FormBook rar Yahoo


abuse_ch
Malspam distributing Formbook:

HELO: sonic315-22.consmr.mail.ne1.yahoo.com
Sending IP: 66.163.190.148
From: abdul rehman memon <seyani_1234@yahoo.com>
Subject: : Fwd: Wire Transfer Payment
Attachment: HBSCXXX6.rar (contains "Vghj5O8TF2rYH85.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 215
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Details:
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2021-02-06 08:27:14 UTC
AV detection: 22 of 29 (75.86%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Formbook
rar f318498366c1759eadbbc3b67a64c7f85f828f79bac7b54e998a59adb468f348 (this sample)

Dropping: Formbook
Delivery method: Distributed via e-mail attachment
