MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cb76978500df6a63528a85f99e642526a40184195da2173f5990ca6fb9a15e7d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: cb76978500df6a63528a85f99e642526a40184195da2173f5990ca6fb9a15e7d
SHA3-384 hash: b55a7ef8b459bf4f8a5b0c59b700d92707ceab5672906979f11ef3cad942c651895e62022b6e1f0fb87ca5c083a00236
SHA1 hash: a5b70de48686e07b3549a8218b22fb370908ca8f
MD5 hash: dc50e476cb2dbd525e459cae7723e003
humanhash: lima-high-violet-grey
File name: PO#41000055885.r09
Signature: Formbook
File size: 530'242 bytes
First seen: 2021-04-07 04:09:19 UTC
Last seen: 2021-04-08 05:20:30 UTC
File type: r09
MIME type: application/x-rar
ssdeep: 12288:Yn5i0L+QWugU3xtsL5Hd5LjdAS8hEfboeakCV5t:Yf+QW1595DDfbohkCJ
TLSH: D0B42329E990CBFF7049721144EF95CEE9B88850DF7058AA21B85688066F44FFC5BCB9
Reporter: lowmal3
Tags: FormBook

Intelligence


File Origin
# of uploads: 2
# of downloads: 101
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2021-04-07 03:54:29 UTC
AV detection: 13 of 48 (27.08%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

r09 cb76978500df6a63528a85f99e642526a40184195da2173f5990ca6fb9a15e7d (this sample)

Delivery method: Distributed via e-mail attachment
