MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5e59faa8bfdf982eb7830fbde567bbc876958e07b8d99024a6d6b91fa4006a70. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 6



SHA256 hash: 5e59faa8bfdf982eb7830fbde567bbc876958e07b8d99024a6d6b91fa4006a70
SHA3-384 hash: 90246cff95a42d23689f325c7036197da21646d40b030533bb6fbf535463588828960fb8476b58e239df62a10ab39b84
SHA1 hash: 1043b4acbdb74e9b1a14eb868c4d67bc4cc187a6
MD5 hash: 925fff68a21f482c228dad429b4c46c5
humanhash: march-lemon-salami-item
File name: 80460894pdf.img
Signature: Formbook
File size: 1'245'184 bytes
First seen: 2022-06-28 12:28:01 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:W+YGeOLuh4XwBMVEJP89TZ7qrSAtAB7vU:XzeOLuh4AByTFdF
TLSH: T1184512A107C0AB5AE231A7B32130017467AA67EB1C6AE59FBD8DF5D90B71FC0D1125CB
TrID:
99.6% (.NULL) null bytes (2048000/1)
0.2% (.ATN) Photoshop Action (5007/6/1)
0.0% (.BIN/MACBIN) MacBinary 1 (1033/5)
0.0% (.ABR) Adobe PhotoShop Brush (1002/3)
0.0% (.SMT) Memo File Apollo Database Engine (88/84)
Reporter: cocaman
Tags: DHL FormBook img


cocaman
Malicious email (T1566.001)
From: "PS Shriram (DHL IN) <PS.Shriram@dhl.com>" (likely spoofed)
Received: "from dhl.com (unknown [45.137.22.75]) "
Date: "28 Jun 2022 14:26:22 +0200"
Subject: "AWB: 3877940054 / Salcomp"
Attachment: "80460894pdf.img"

Intelligence


File Origin
# of uploads: 1
# of downloads: 141
Origin country: n/a

Vendor Threat Intelligence

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: formbook packed

Result
Verdict: MALICIOUS
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2022-06-28 10:34:30 UTC
File Type: Binary (Archive)
Extracted files: 8
AV detection: 16 of 38 (42.11%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

img 5e59faa8bfdf982eb7830fbde567bbc876958e07b8d99024a6d6b91fa4006a70 (this sample)

Delivery method: Distributed via e-mail attachment
