MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f9b987ba2cd98134e6d764fa1a143b1c302b6fe3ebe3fef083052a025326d84d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f9b987ba2cd98134e6d764fa1a143b1c302b6fe3ebe3fef083052a025326d84d
SHA3-384 hash: 0b6fbbc1eef3ac2e67c7884e9ed814952ccaf5bed93e4af755527d2d6a473839a011603ae9f08d872490b30654e869c0
SHA1 hash: 353e742ceda7f2b3d1a9a4693484bdb983d9f088
MD5 hash: a1c27e4057943b30d15487e94b5549cc
humanhash: eleven-massachusetts-monkey-foxtrot
File name:Account Docs.r00
Download: download sample
Signature FormBook
Create hunting rule
File size:287'644 bytes
First seen:2020-06-24 05:26:52 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 6144:LlJy15vE3hwpLcNw9z/89AM4UIUC7qGUbXn7MSCTWS:LlU/c3qkw69D4GXn7MS2
TLSH 3454230BF6531A9CA70ADD0D3A839B4B714C3E4B1C2741774E6CD4AE5A913B9F6A700B
Reporter abuse_ch
Tags:FormBook r00


Avatar
abuse_ch
Malspam distributing FormBook:

From: Belinda <GLCANADA@walmart.com>
Subject: Account attached
Attachment: Account Docs.r00 (contains "Account Docs.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Rogue.0hr.20200624-0803.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f9b987ba2cd98134e6d764fa1a143b1c302b6fe3ebe3fef083052a025326d84d/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-06-24 05:28:06 UTC
AV detection:
17 of 29 (58.62%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7g4yporm3gatjzwxmt5bufb3dqycw37d5pr754edauvaeuzg3bgq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

r00 f9b987ba2cd98134e6d764fa1a143b1c302b6fe3ebe3fef083052a025326d84d

(this sample)

FormBook

Executable exe 1423f45cfa5d62d8910075b3cc15855237e0a0bc2e2c18a49b94f0cc8d592602

  
Dropping
MD5 0f657255550242d8ba05de7b191d5e8f
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1423f45cfa5d62d8910075b3cc15855237e0a0bc2e2c18a49b94f0cc8d592602

Comments