MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8211def9e38f6488cc96851d5c572b9607e3dca6e33bd375ca99435f964ef94c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 5



SHA256 hash: 8211def9e38f6488cc96851d5c572b9607e3dca6e33bd375ca99435f964ef94c
SHA3-384 hash: deea870fe30d81245d27e01cfe181452950d2ad80503f357e6eb1274ed0f04b270fdb7036eca4363c7fb168a87a89660
SHA1 hash: ba916e712b87e72613ec43255eb1f4031f034e87
MD5 hash: 46d25e193b0fa8c66294eae90d6ba0a0
humanhash: don-lactose-timing-carpet
File name: SLB SOA format.r01
Signature: Formbook
File size: 612'250 bytes
First seen: 2021-08-06 06:11:15 UTC
Last seen: Never
File type: r01
MIME type: application/x-rar
ssdeep: 12288:WrIpdkwHs7NSC7idzgtXQkZ7PRR/SgSwHwg9s:W0LkwHspSZgp5b/SgSwHf9s
TLSH: T15BD423C249053D06DCD863649E2E8F18C8B2A69715DBF5DBC79BD4EFDB1A48B1C3A012
Reporter: cocaman
Tags: FormBook, r01


cocaman
Malicious email (T1566.001)
From: "Kesavapriya <Kesavapriya@hotmail.com>" (likely spoofed)
Received: "from hotmail.com (unknown [203.159.80.109]) "
Date: "05 Aug 2021 20:16:33 +0200"
Subject: "New SOA Submission "
Attachment: "SLB SOA format.r01"

Intelligence


File Origin
# of uploads: 1
# of downloads: 324
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2021-08-05 12:50:28 UTC
File Type: Binary (Archive)
Extracted files: 12
AV detection: 15 of 27 (55.56%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

r01 8211def9e38f6488cc96851d5c572b9607e3dca6e33bd375ca99435f964ef94c

(this sample)

  
Delivery method: Distributed via e-mail attachment
Dropping: Formbook
