MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 96e79fcfb665d6bf1c68dd56cb0f1dc1bfde4e45876272e984eb4dd8d8b405d0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 96e79fcfb665d6bf1c68dd56cb0f1dc1bfde4e45876272e984eb4dd8d8b405d0
SHA3-384 hash: 3368bfc13f639bf29ef2f865e2cb2f988477219770f45377931f4f239730552018be279af8b0e01e852850012a0be352
SHA1 hash: 6ca695d507bf43884c712b5116d3f079f055ddc9
MD5 hash: 2668697740a06c4fcd1afb0c5397d9f9
humanhash: nine-uniform-berlin-fifteen
File name:invoice pdf.7z
Download: download sample
Signature Formbook
Create hunting rule
File size:703'618 bytes
First seen:2021-02-10 20:29:29 UTC
Last seen:Never
File type: 7z
MIME type:application/x-rar
ssdeep 12288:a5kl80EOdxc16iYsTt0SY1rF++0nCiXjEGt6FE4C4YCDgFcXO6jFUE0mhH6nIg87:aI80Eexvi6SYrz0CO6FEkYCDE6hP5HHL
TLSH A4E42306793735927A600C11C2ACFB9FD4E638404936DAF774F3B15AF1654F8609AE2E
Reporter fabjer
Tags:7z

Intelligence

File Origin
# of uploads :
1
# of downloads :
143
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27342.RarHeur.v5.HideExt.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/96e79fcfb665d6bf1c68dd56cb0f1dc1bfde4e45876272e984eb4dd8d8b405d0/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-02-10 04:57:34 UTC
AV detection:
17 of 28 (60.71%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=s3tz7t5wmxll6hdi3vlmwdy5yg754tsfq5rhf2me5ng5rwfuaxia._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/96e79fcfb665d6bf1c68dd56cb0f1dc1bfde4e45876272e984eb4dd8d8b405d0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

7z 96e79fcfb665d6bf1c68dd56cb0f1dc1bfde4e45876272e984eb4dd8d8b405d0

(this sample)

Formbook

Executable exe f9589f810b0a61d3fb5643856b3feb56b7710a309fbe0eab29f1f7a7cd74f928

  
Dropping
SHA256 f9589f810b0a61d3fb5643856b3feb56b7710a309fbe0eab29f1f7a7cd74f928
  
Delivery method
Distributed via e-mail attachment

Comments