MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 217ad9918a2324a39c79487d14723c302952f35c854bf6e23e9e88f06b3df69a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 6



SHA256 hash: 217ad9918a2324a39c79487d14723c302952f35c854bf6e23e9e88f06b3df69a
SHA3-384 hash: 24ee680397af4906eda6b5d3937db6cc54882dfc3dd805762b0a7b5d108e90c4642fc4fe696ed60a38ea8c95333389eb
SHA1 hash: bdf555eb8b1dfe6b10261898d7e3f2dc1d30ada9
MD5 hash: 3ebab278363b52c9ff1a4c0e82bdf99c
humanhash: eleven-robert-autumn-twelve
File name: new purhcase order.img
Signature: Formbook
File size: 1'245'184 bytes
First seen: 2022-09-23 09:14:41 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep 12288:GJol0W+OWXHNY9cuOpaCS4LpZgkp4x8ysBhOcOIAsPB2b2vplE4+:GJWx+xHNSOpaC3Fa4A8yknrAy2yR
TLSH T1A545F15D77AACF02D12D23BAC4E7486453B16983A272D6DB3A8D13850B073E6CD927C7
TrID 99.4% (.NULL) null bytes (2048000/1)
0.2% (.ISO) ISO 9660 CD image (5100/59/2)
0.2% (.ATN) Photoshop Action (5007/6/1)
0.0% (.BIN/MACBIN) MacBinary 1 (1033/5)
0.0% (.ABR) Adobe PhotoShop Brush (1002/3)
Reporter: cocaman
Tags: FormBook img

Intelligence


File Origin
# of uploads: 1
# of downloads: 287
Origin country: n/a

Vendor Threat Intelligence
Verdict: Suspicious
Threat level: 5/10
Confidence: 67%
Tags: barys packed
Result
Verdict: MALICIOUS
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2022-09-13 11:36:25 UTC
File Type: Binary (Archive)
Extracted files: 2
AV detection: 23 of 41 (56.10%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

img 217ad9918a2324a39c79487d14723c302952f35c854bf6e23e9e88f06b3df69a

(this sample)

  
Delivery method: Distributed via e-mail attachment
Dropping: Formbook

Comments