MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3c85c05bd69d14fca6d11e35defec4cb7e76c16a5da061a3d7a0ee48e5c5c896. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook
Vendor detections: 5

SHA256 hash: 3c85c05bd69d14fca6d11e35defec4cb7e76c16a5da061a3d7a0ee48e5c5c896
SHA3-384 hash: f72ae88cd97c2303f94f0f089ef6ced1ad20d517441c7d329dda6bbf18a4db56f908f5e979c5feceff9b63c01ae93e51
SHA1 hash: 64b09b8fd8a726c6b170ddfdeb9e5a853d3afa45
MD5 hash: 854c15f09d9e26fed6007e310624873c
humanhash: maine-kitten-nineteen-pip
File name: shipping document.r01
Signature: Formbook
File size: 711'117 bytes
First seen: 2022-07-05 11:17:05 UTC
Last seen: Never
File type: r01
MIME type: application/x-rar
ssdeep: 12288:XJKqbrkZjboo62X6fslCAxqCf/Gef/THr7YaadFAy3Uj/McuEOQ2S4pVLOaa5hgW:XJKqXm8ffAICf/GefrHxsAdDMWOm4pV8
TLSH: T16DE423E8A24888366BF865A184E0FB7973287B89044C5B9BB55D5D1387CFF7F09264F0
TrID: 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
      38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter: cocaman
Tags: FormBook r01 Shipping
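Before spending analysis time on a download, confirm that the local file is the sample this entry describes. The script below is an added example, not MalwareBazaar code: it streams the file once through the four hashlib algorithms the entry lists (SHA256, SHA3-384, SHA1, MD5), records the byte count, and reports which fields disagree with the values copied from the entry above. The ssdeep and TLSH values are not recomputed here because they need third-party libraries; the function names and the `EXPECTED_*` constants are this example's own.

```python
import hashlib
import io

# Reference values copied from the MalwareBazaar entry above.
EXPECTED_HASHES = {
    "sha256": "3c85c05bd69d14fca6d11e35defec4cb7e76c16a5da061a3d7a0ee48e5c5c896",
    "sha3_384": "f72ae88cd97c2303f94f0f089ef6ced1ad20d517441c7d329dda6bbf18a4db56f908f5e979c5feceff9b63c01ae93e51",
    "sha1": "64b09b8fd8a726c6b170ddfdeb9e5a853d3afa45",
    "md5": "854c15f09d9e26fed6007e310624873c",
}
EXPECTED_SIZE = 711117  # "711'117 bytes" in the entry


def digest_stream(fh, chunk_size=1 << 20):
    """Hash a binary stream once, feeding every chunk to all four algorithms.
    Returns {algorithm: hexdigest, ..., "size": byte_count}."""
    hashers = {name: hashlib.new(name) for name in EXPECTED_HASHES}
    size = 0
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    result = {name: h.hexdigest() for name, h in hashers.items()}
    result["size"] = size
    return result


def digest_bytes(data: bytes, chunk_size=1 << 20):
    """Same as digest_stream, for an in-memory buffer (chunk_size exposed so the
    chunked path can be exercised on small inputs)."""
    return digest_stream(io.BytesIO(data), chunk_size=chunk_size)


def digest_file(path, chunk_size=1 << 20):
    with open(path, "rb") as fh:
        return digest_stream(fh, chunk_size=chunk_size)


def mismatches(actual, expected_hashes=EXPECTED_HASHES, expected_size=EXPECTED_SIZE):
    """Return the names of fields that do not match the database entry.
    An empty list means the local file is the sample the entry describes."""
    bad = [name for name, value in expected_hashes.items()
           if actual.get(name, "").lower() != value]
    if actual.get("size") != expected_size:
        bad.append("size")
    return bad


if __name__ == "__main__":
    import sys
    report = digest_file(sys.argv[1])
    for name, value in report.items():
        print(f"{name:9} {value}")
    bad = mismatches(report)
    print("MATCH: file is the sample in this entry" if not bad
          else "MISMATCH in: " + ", ".join(bad))
```

Run it as `python verify_sample.py "shipping document.r01"` on the downloaded archive (MalwareBazaar serves samples inside a password-protected zip; hash the extracted `.r01`, not the wrapper). A size mismatch with matching hashes cannot happen; a hash mismatch with a matching size usually means a different build of the same lure.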

Comment by cocaman:
Malicious email (T1566.001)
From: "agencqhd@hoscogroup.com" (likely spoofed)
Received: "from hoscogroup.com (unknown [202.55.133.137]) "
Date: "5 Jul 2022 03:37:36 -0700"
Subject: "RE: Shipment Docs"
Attachment: "shipping document.r01"

Intelligence

File Origin
# of uploads: 1
# of downloads: 166
Origin country: n/a
Vendor Threat Intelligence
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary inside the archive; depending on context, the presence of such a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2022-07-05 08:11:48 UTC
File Type: Binary (Archive)
Extracted files: 48
AV detection: 20 of 40 (50.00%)
Threat level: 5/5
Note: the vendor's family label (AgentTesla, a .NET/MSIL binary) differs from the MalwareBazaar signature (Formbook); confirm the family from the extracted PE rather than from either label alone.
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  Formbook
    r01 3c85c05bd69d14fca6d11e35defec4cb7e76c16a5da061a3d7a0ee48e5c5c896 (this sample)
      Delivery method: Distributed via e-mail attachment
      Dropping: Formbook
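The delivery chain above and the reporter's comment describe the usual pattern for this lure: a shipping-themed mail whose attachment is a RAR 5.0 archive named with a split-volume extension (`.r01`) rather than `.rar`, sent from a host that announces the sender's domain but has no reverse DNS ("unknown [202.55.133.137]"). The code below is an added example, not MalwareBazaar's or the reporter's: it classifies an attachment by its leading bytes instead of its name and applies a reverse-DNS heuristic to the first Received hop. The magic-number table, extension list, flag names and Received-header regex are this example's own assumptions, and the attachment bytes are a constructed RAR 5.0 marker block, not the real sample.

```python
import re

# Leading-byte signatures (lookup table constructed for this example; the RAR
# entries are the marker blocks of the RAR 4.x and RAR 5.0 formats).
MAGIC = [
    ("rar5", b"Rar!\x1a\x07\x01\x00"),
    ("rar4", b"Rar!\x1a\x07\x00"),
    ("zip", b"PK\x03\x04"),
    ("pe", b"MZ"),
]
# Extensions a mail filter would already treat as archives (example list).
ARCHIVE_EXTENSIONS = {"rar", "zip", "7z", "iso", "img", "cab", "ace", "arj", "gz", "tgz", "tar"}
SPLIT_VOLUME = re.compile(r"^r\d\d$")  # .r00 .. .r99: WinRAR multi-volume naming
# "from <helo> (<rdns> [<ip>])" as written by common MTAs (assumed layout).
RECEIVED = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9a-fA-F.:]+)\]\)")


def sniff(data: bytes) -> str:
    """Classify an attachment by its first bytes, ignoring the file name."""
    for name, sig in MAGIC:
        if data.startswith(sig):
            return name
    return "unknown"


def assess_attachment(filename: str, data: bytes) -> list:
    """Return heuristic flags where content and file name disagree."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    kind = sniff(data)
    flags = []
    if kind in ("rar4", "rar5"):
        if SPLIT_VOLUME.match(ext):
            # Not ".rar", so naive extension blocklists miss it; WinRAR opens it anyway.
            flags.append("rar_split_volume_name")
        elif ext not in ARCHIVE_EXTENSIONS:
            flags.append("rar_with_misleading_extension")
    elif kind == "zip" and ext not in ARCHIVE_EXTENSIONS:
        flags.append("zip_with_misleading_extension")
    elif kind == "pe":
        flags.append("bare_executable")
    return flags


def assess_received(from_addr: str, received: str):
    """Heuristic: the hop says HELO <sender's domain> but the MTA could not
    resolve the connecting IP ('unknown'). Returns a flag name or None."""
    m = RECEIVED.search(received)
    if not m:
        return None
    helo, rdns, _ip = m.groups()
    sender_domain = from_addr.rsplit("@", 1)[-1].lower()
    if helo.lower() == sender_domain and rdns.lower() == "unknown":
        return "helo_claims_sender_domain_without_rdns"
    return None


def triage(from_addr: str, received: str, filename: str, data: bytes) -> list:
    """Combine both checks into one flag list for a message."""
    flags = assess_attachment(filename, data)
    hop = assess_received(from_addr, received)
    if hop:
        flags.append(hop)
    return flags


# Constructed test message modelled on the reporter's comment: the header
# strings are the ones shown on the page; the attachment bytes are NOT the
# real sample, only a RAR 5.0 marker block padded with zeros.
SAMPLE_FROM = "agencqhd@hoscogroup.com"
SAMPLE_RECEIVED = "from hoscogroup.com (unknown [202.55.133.137])"
SAMPLE_ATTACHMENT = ("shipping document.r01", b"Rar!\x1a\x07\x01\x00" + b"\x00" * 32)

if __name__ == "__main__":
    print(triage(SAMPLE_FROM, SAMPLE_RECEIVED, *SAMPLE_ATTACHMENT))
```

The Received-header check is a triage heuristic only; a missing PTR record is common on legitimate but badly configured senders, so it should raise priority for the attachment check rather than block on its own. Sniffing by magic bytes is what actually catches the `.r01` trick, and the same approach flags `.iso`, `.img` and renamed `.zip` lures.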