MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8e30c4e8ca2ff188c1ac1c6f773648b4404675de1a085a110830dbe3b01090df. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 6


Intelligence 6 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8e30c4e8ca2ff188c1ac1c6f773648b4404675de1a085a110830dbe3b01090df
SHA3-384 hash: 17155ef2dbff12baedc0ecf0181563dd84c1171663703d65ca924bd8b6cca31b8f9afe623f714f7d2877b2a6fe0609b6
SHA1 hash: 2bdbf1e1c9ede9f3e3889a0afd2ca3b3da27bb97
MD5 hash: 7e8cb21ab53965e70be829eb0f498325
humanhash: autumn-oklahoma-white-violet
File name:00987654334567.r09
Download: download sample
Signature Formbook
Create hunting rule
File size:6'557 bytes
First seen:2023-02-09 07:40:18 UTC
Last seen:2023-02-09 07:41:33 UTC
File type: r09
MIME type:application/x-rar
ssdeep 192:83BJVVkFK05dAMjFV5sCt1PpfiyqaCphZE/nrH8:83/KvAMjFXs+pbZHnrH8
TLSH T11CD19D7828EE85B8D4350CDC2D7B520F96113E1388C7D06F32C213AA7BCA8768B47A41
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter cocaman
Tags:FormBook QUOTATION r09


Avatar
cocaman
Malicious email (T1566.001)
From: "Sanjay Sharma <md@comformfoam.com>" (likely spoofed)
Received: "from [202.55.135.90] (unknown [202.55.135.90]) "
Date: "8 Feb 2023 10:25:51 -0800"
Subject: "QUOTATION OF PEELBOND/SEAL/ADHESION STRENGTH TESTER -DIGITAL , G.SM ROUND CUTTER AND BRUSTING STRENGTH"
Attachment: "00987654334567.r09"

Intelligence

File Origin
# of uploads :
2
# of downloads :
150
Origin country :
n/a
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:00987654334567.exe
File size:13'312 bytes
SHA256 hash: 32603d6c0a84eeb638434c8f7e351dd062d88a5da3d4fd659a8ae6570339845c
MD5 hash: b6673ec379f1a7f0e19b514b6557c8ce
MIME type:application/x-dosexec
Signature Formbook
Vendor Threat Intelligence
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
kryptocibule
Link:
https://www.filescan.io/uploads/63e4a390fc4dffab0ccf5b8c/reports/c39982cb-4f11-4a5c-b1c3-5253410f2c2a/overview
Verdict:
Malicious
Link:
https://www.hybrid-analysis.com/sample/8e30c4e8ca2ff188c1ac1c6f773648b4404675de1a085a110830dbe3b01090df
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8e30c4e8ca2ff188c1ac1c6f773648b4404675de1a085a110830dbe3b01090df/
Threat name:
ByteCode-MSIL.Trojan.Tnega
Create hunting rule
Status:
Malicious
First seen:
2023-02-08 10:30:01 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
21 of 39 (53.85%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ryymj2gkf7yyrqnmdrxxonsiwraem5o6diefueiigdn6hmaqsdpq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/8e30c4e8ca2ff188c1ac1c6f773648b4404675de1a085a110830dbe3b01090df

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:BitcoinAddress
Create hunting rule
Author:Didier Stevens (@DidierStevens)
Description:Contains a valid Bitcoin address
Rule name:test_rule_for_agrntTesla_or_exe_files_basic
Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

r09 8e30c4e8ca2ff188c1ac1c6f773648b4404675de1a085a110830dbe3b01090df

(this sample)

Formbook

Executable exe 32603d6c0a84eeb638434c8f7e351dd062d88a5da3d4fd659a8ae6570339845c

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 32603d6c0a84eeb638434c8f7e351dd062d88a5da3d4fd659a8ae6570339845c

Comments