MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 68e062067f491980aa8ef2068485929bc93893b4964af309fe6c1435d9ade6a7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 6



SHA256 hash: 68e062067f491980aa8ef2068485929bc93893b4964af309fe6c1435d9ade6a7
SHA3-384 hash: 83137432b8fd25eb28543d57ec089fe42608c590fecf491875d79088de8e64c2c27b58643a7ec0d71a70077486b7f757
SHA1 hash: fe83263b8070dca6af529e7d4bf499883b965508
MD5 hash: b8bfc8428d4d30f03f79765484541f92
humanhash: fifteen-table-virginia-massachusetts
File name: updated PI 8242220.pdf.img
Signature: Formbook
File size: 1'441'792 bytes
First seen: 2022-08-29 12:12:45 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:yz1L9PN4Zu3XDG2hi6FsD1Ke3+DwAF+JGSxEuARS7tRlraXVAJY:w3PN4aG2hi6FsDUe3+jg5a+tnraXVl
TLSH: T19765CED522A85A19C57E4FF98063834147BB61552F1EE339FEF920ED0B22B0197C1AE7
TrID:
  99.6% (.NULL) null bytes (2048000/1)
  0.2% (.ATN) Photoshop Action (5007/6/1)
  0.0% (.BIN/MACBIN) MacBinary 1 (1033/5)
  0.0% (.ABR) Adobe PhotoShop Brush (1002/3)
  0.0% (.SMT) Memo File Apollo Database Engine (88/84)
Reporter: cocaman
Tags: FormBook img


cocaman
Malicious email (T1566.001)
From: "Summer Lin <summer@mlmfurniture.com>" (likely spoofed)
Received: "from mlmfurniture.com (unknown [45.137.22.61]) "
Date: "24 Aug 2022 06:32:53 +0200"
Subject: "Re: REVISED THE PROFORMA updated PI 8242220.pdf"
Attachment: "updated PI 8242220.pdf.img"

Intelligence


File Origin
# of uploads: 1
# of downloads: 222
Origin country: n/a

Vendor Threat Intelligence
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: packed

Result
Verdict: MALICIOUS
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2022-08-24 19:04:43 UTC
File Type: Binary (Archive)
Extracted files: 55
AV detection: 22 of 41 (53.66%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

img 68e062067f491980aa8ef2068485929bc93893b4964af309fe6c1435d9ade6a7 (this sample)

Delivery method: Distributed via e-mail attachment
Dropping: Formbook
