MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5110e6eaa627517fca04a31f287f0b27e854aca253e2fc7cfabc3d468aeae062. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 5



SHA256 hash: 5110e6eaa627517fca04a31f287f0b27e854aca253e2fc7cfabc3d468aeae062
SHA3-384 hash: dfbd0cca265779e0d36264e91eabbd04a438225fe0b7953a556fb979d6d121cc0f422fb85fbb479af66ddee476d6dd30
SHA1 hash: 51d98fded9eb53c45dbe5e4e91c767ef725e3899
MD5 hash: c430aff20cea13c8d34d5b166c6e9a35
humanhash: twelve-arkansas-march-three
File name: PO 1,5001993 21118.r00
Signature: Formbook
File size: 424'289 bytes
First seen: 2021-09-28 08:22:53 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 12288:hxQFU7bLtOLvKbA3V9gPjfJlDr2W7if+BNuos1kiVCy:hqFU7b5OL8KV6H3m++f1gy
TLSH: T12C94237B9C9BAFF0AB85CC1316A139591097DCF9A94628D08CA4BC7E8BD23D25D33D14
Reporter: @cocaman
Tags: FormBook, r00


Twitter
@cocaman
Malicious email (T1566.001)
From: "Edd Smith (Woodlodge) <EddSmith@woodlodge.co.uk>" (likely spoofed)
Received: "from woodlodge.co.uk (unknown [185.222.58.155]) "
Date: "28 Sep 2021 09:16:25 +0200"
Subject: "Re: PO126126, PO126127, PO 126128"
Attachment: "PO 1,5001993 21118.r00"

Intelligence


File Origin
# of uploads: 1
# of downloads: 102
Origin country: US

Mail intelligence
No data

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2021-09-28 08:23:06 UTC
AV detection: 13 of 45 (28.89%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

r00 5110e6eaa627517fca04a31f287f0b27e854aca253e2fc7cfabc3d468aeae062 (this sample)

Delivery method: Distributed via e-mail attachment
Dropping: Formbook

Comments