MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f86774676755007d3eac5327d64e7d369d19f78f257e87583fdd1a4646908bad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: f86774676755007d3eac5327d64e7d369d19f78f257e87583fdd1a4646908bad
SHA3-384 hash: 3261bf246a363ae50317c481c89ac22945eaed4b606eed4361e60b8c808f1f6ff2732575eda851db502a38a5aacecd20
SHA1 hash: 797bf2f32e89a8419324a57829cb316700562474
MD5 hash: dbec3e81b225d6d95fd44746ab301cd3
humanhash: seventeen-double-leopard-foxtrot
File name: PO_7801.rar
Signature: Formbook
File size: 504'710 bytes
First seen: 2020-10-19 07:23:45 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:0HVFeTdyHAXIGYa2Vfpuu4Ub7d+5xqlw8t4MBTMJ0oOX8k6:2VsVXCluuvbJ+5clw8+Mt/5Mp
TLSH: C0B42383E49B003591424DD7AA84ED9E7F0334AABAC7B495FE061C6A0FF53D81CD71A9
Reporter: abuse_ch
Tags: FormBook, rar


abuse_ch
Malspam distributing Formbook:

HELO: vps.eca-pp.uk
Sending IP: 45.145.185.42
From: Analisa Beck <office@eca-pp.uk>
Subject: RE: PO_7801 REQUESTED PROFORMA INVOICE
Attachment: PO_7801.rar (contains "PO_7801.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 83
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-10-19 03:35:37 UTC
AV detection: 17 of 29 (58.62%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar f86774676755007d3eac5327d64e7d369d19f78f257e87583fdd1a4646908bad (this sample)

Dropping: Formbook
Delivery method: Distributed via e-mail attachment

Comments