MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 427e2588fb603ef1b9c462b9c1dfcfc6d739b2b40a716276aa68390846fdbf73. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 427e2588fb603ef1b9c462b9c1dfcfc6d739b2b40a716276aa68390846fdbf73
SHA3-384 hash: 9b988ff5d69c790da43c8909ac86918a9dc279286b8bce5bec94ec4a5ecf329da50f7641895b5ef404689a5f0f066edc
SHA1 hash: 4d3ddcf72723d816aacc4d953514143f259a760d
MD5 hash: d3bf251af859ccb7aa786a5049958eee
humanhash: sierra-pluto-may-mars
File name:Documents.rar
Download: download sample
Signature Formbook
Create hunting rule
File size:548'049 bytes
First seen:2023-12-19 17:24:42 UTC
Last seen:2023-12-19 20:26:28 UTC
File type: rar
MIME type:application/x-rar
ssdeep 12288:w4mdcJuCbTHWwSZlJC0V16S+x3VVQNTEkrA52luP59O8gUvc898TkUa:OypbTHWhv6S+30BrAUuP5U8gUvc8uE
TLSH T13CC423E4126484ED4984200C016B99FF9E69057E56BEFD3E2059ACF5EEA173B1D2FC34
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter cocaman
Tags:FormBook rar


Avatar
cocaman
Malicious email (T1566.001)
From: "Purchasing <Purchasing@sc.com>" (likely spoofed)
Received: "from sc.com (unknown [91.92.252.60]) "
Date: "19 Dec 2023 12:25:44 -0800"
Subject: "Re: order confirmation"
Attachment: "Documents.rar"

Intelligence

File Origin
# of uploads :
7
# of downloads :
133
Origin country :
CH CH
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:Documents.exe
File size:781'824 bytes
SHA256 hash: 7bacfc4148055cac9beba5517630e42a46ca8689bc8e6fd1bb25831e43e58582
MD5 hash: 8236ed91c917687d4cb9baa9b2e6ec1d
MIME type:application/x-dosexec
Signature Formbook
Vendor Threat Intelligence
Result
Verdict:
Unknown
File Type:
PE File
Link:
https://app.docguard.net/427e2588fb603ef1b9c462b9c1dfcfc6d739b2b40a716276aa68390846fdbf73/results/dashboard
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/6581d1f2b855eb3693e6d662/reports/27d57301-8a46-4926-8203-664135db9801/overview
Verdict:
Malicious
Link:
https://www.hybrid-analysis.com/sample/427e2588fb603ef1b9c462b9c1dfcfc6d739b2b40a716276aa68390846fdbf73
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/427e2588fb603ef1b9c462b9c1dfcfc6d739b2b40a716276aa68390846fdbf73/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2023-12-19 13:18:44 UTC
File Type:
Binary (Archive)
Extracted files:
13
AV detection:
15 of 37 (40.54%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ij7clch3ma7pdooemk44dx6py3lttmvubjywe5vkna4qqrx5x5zq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/427e2588fb603ef1b9c462b9c1dfcfc6d739b2b40a716276aa68390846fdbf73

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar 427e2588fb603ef1b9c462b9c1dfcfc6d739b2b40a716276aa68390846fdbf73

(this sample)

Formbook

Executable exe 7bacfc4148055cac9beba5517630e42a46ca8689bc8e6fd1bb25831e43e58582

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7bacfc4148055cac9beba5517630e42a46ca8689bc8e6fd1bb25831e43e58582
  
Dropping
Formbook

Comments