MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7ed0b231702bb87e233fc34190e85590298f5382f6cb91bcc6aea04075e408b2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 7



SHA256 hash: 7ed0b231702bb87e233fc34190e85590298f5382f6cb91bcc6aea04075e408b2
SHA3-384 hash: 580c35fe21ad07abe818c7d65432986fc33c826af3434e8fe651d7fbf0ff26f72b86a2a13b0a5bc3c900d9c7c34676c7
SHA1 hash: 26538425d37f0ef68eb9369ec53aa59bdca38f23
MD5 hash: c64bb802d217bc60b4aa6aa160e1532c
humanhash: pizza-cat-island-oklahoma
File name: INV088002904SINO(1).rar
Signature: Formbook
File size: 682'035 bytes
First seen: 2022-10-19 07:27:44 UTC
Last seen: 2022-10-19 07:28:32 UTC
File type: rar
MIME type: application/x-rar
ssdeep: 12288:VaxKokOwAfe+CJL5It/zStyXqa1ynvct4dYo6s6nRG6WtSxBqjW0mr3wOqRQbD:4cokOwAfe+jSkL1GUt4dYo6nmSxPt3wu
TLSH: T159E4331A25166EF2B21CCB3D5323EBE79CEC21879890C44D2E8F776A45096DB76B434C
TrID: 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
      38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter: cocaman
Tags: FormBook payment rar


cocaman
Malicious email (T1566.001)
From: "Hana <kyn.mat@fdandersonagency.com>" (likely spoofed)
Received: "from antyfugo.fdandersonagency.com (unknown [92.52.217.135]) "
Date: "18 Oct 2022 18:45:09 -0700"
Subject: "Payment INV088002904SINO"
Attachment: "INV088002904SINO(1).rar"

Intelligence

File Origin
# of uploads: 2
# of downloads: 185
Origin country: n/a
File Archive Information

This file archive contains 3 file(s), sorted by their relevance:

File name: version.txt
File size: 1'612 bytes
SHA256 hash: 1714e1dea6965dc0f5acb2b5c41e39b62a3a672f513fd6cc7334a8d22966b561
MD5 hash: 2810a5912ab03ed5af9ad3b909f2b2e2
MIME type: application/octet-stream
Signature: Formbook

File name: 1
File size: 4'149 bytes
SHA256 hash: 1948715cb1d853aebaf3e66f6a2dcd589b3c798c581d65e36448d2730dabb874
MD5 hash: dc5c3db87a918ae083d9fe69d3eca720
MIME type: image/png
Signature: Formbook

File name: 32512
File size: 20 bytes
SHA256 hash: 3c7114088a1c0047ed6b266065430ba5343d90cf8ac80c943455ed34ae0c0ba1
MD5 hash: c8e439abcd1c15f563ef817aeb0dd339
MIME type: application/octet-stream
Signature: Formbook
Vendor Threat Intelligence
Verdict: No Threat
Threat level: 2/10
Confidence: 100%
Tags: packed

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2022-10-18 10:03:49 UTC
File Type: Binary (Archive)
Extracted files: 31
AV detection: 19 of 42 (45.24%)
Threat level: 5/5

Result
Malware family: formbook
Score: 10/10
Tags: family:formbook campaign:axe3 rat spyware stealer trojan
Behaviour
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Checks computer location settings
Loads dropped DLL
Reads user/profile data of web browsers
Blocklisted process makes network request
Formbook
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Formbook
rar 7ed0b231702bb87e233fc34190e85590298f5382f6cb91bcc6aea04075e408b2 (this sample)
Delivery method: Distributed via e-mail attachment
Dropping: Formbook

Comments