MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8107a0e4467378228aff48f3b3aff5c1bafb15b9170b8b4062602416285ca86c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8107a0e4467378228aff48f3b3aff5c1bafb15b9170b8b4062602416285ca86c
SHA3-384 hash: 25b82c6ac9d3281948a625ea5ef92b6817d5a90ed7c5e5e2ceee29015690e6ba1f5fce320d062251a52257cbca9fc79d
SHA1 hash: 65c9a3380e37c20c430f9a2dc94de3a19c761d0b
MD5 hash: 53f94ff09be96c1eabb2e1421cc36b6e
humanhash: pasta-undress-edward-magnesium
File name:New Order-PO#08337,.rar
Download: download sample
Signature Formbook
Create hunting rule
File size:631'034 bytes
First seen:2020-11-04 11:33:19 UTC
Last seen:2020-11-04 19:50:38 UTC
File type: rar
MIME type:application/x-rar
ssdeep 12288:S4y4oy6iHtaf+s4S2W9z/MT5JXjaJWA30u9iFQRcX8/5gy+cmrD3li6Tp:e4qwaGsX24z+qnzRcs/5gy+cuTp
TLSH DED423093C6E86A77F61504D3DC935400275AB23ED709A4BBAFB94403B4B5770F8B6AE
Reporter cocaman
Tags:FormBook rar


Avatar
cocaman
Malicious email (T1566.001)
From: "korat@mtkmarketing.co.th"
Received: "from mtkmarketing.co.th (unknown [103.153.78.33]) "
Date: "3 Nov 2020 16:51:52 -0800"
Subject: "RE: New Order-PO#08337"
Attachment: "New Order-PO#08337,.rar"

Intelligence

File Origin
# of uploads :
4
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8107a0e4467378228aff48f3b3aff5c1bafb15b9170b8b4062602416285ca86c/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-11-04 00:09:56 UTC
File Type:
Binary (Archive)
Extracted files:
18
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qed2bzcgon4cfcx7jdz3hl7vyg5pwfnzc4fywqdcmasbmkc4vbwa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/8107a0e4467378228aff48f3b3aff5c1bafb15b9170b8b4062602416285ca86c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar 8107a0e4467378228aff48f3b3aff5c1bafb15b9170b8b4062602416285ca86c

(this sample)

Formbook

Executable exe 88ae2d739cf1bb2cb87e55498b46f53cc6c641ede1cf5619af8d0a128a1a2a39

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 88ae2d739cf1bb2cb87e55498b46f53cc6c641ede1cf5619af8d0a128a1a2a39
  
Dropping
Formbook

Comments