MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dde0d8980f77e3569f9d6c5e0c439e8dd8e2bba5fa2ae4d029ddcc4c1f3da134. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dde0d8980f77e3569f9d6c5e0c439e8dd8e2bba5fa2ae4d029ddcc4c1f3da134
SHA3-384 hash: 312e6084a8ec7243fc9f381404fe1330fa3951d98be2ed2ef10b353580dc04e55979176057796bab341105b7f0a4ecff
SHA1 hash: f0e3ea9d7cba40e3f893fd6d26b34d696d9dee6f
MD5 hash: cdd987c1a424a820bb9b8adb20507698
humanhash: pizza-juliet-saturn-seventeen
File name:cdd987c1a424a820bb9b8adb20507698.exe
Download: download sample
Signature Formbook
Create hunting rule
File size:274'790 bytes
First seen:2021-08-01 07:02:27 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 3072:zwcRv4TIlZ03RwLrNls9X2Hd4+yBCbSPnZkx54htUfwdn3:zwMv4T+3LrNls9XOd4+QCWPhtH53
TLSH T15E441D2C23FEA719F233FF319FA4A6449FA676B59215DD0D2DC4024B4821D81AEA7D31
Reporter abuse_ch
Tags:exe FormBook

Intelligence

File Origin
# of uploads :
1
# of downloads :
1'802
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
cdd987c1a424a820bb9b8adb20507698.exe
Verdict:
No threats detected
Analysis date:
2021-08-01 07:08:42 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/11c1c786-8a2b-4893-ab1d-44596b42095c

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/175553/
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.924-1.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/9f758898-8000-42b6-a0d5-531afe0883a8
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/825038
Signature
.NET source code contains very large strings
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/dde0d8980f77e3569f9d6c5e0c439e8dd8e2bba5fa2ae4d029ddcc4c1f3da134/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-07-31 19:45:47 UTC
AV detection:
15 of 46 (32.61%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3xqnrgapo7rvnh45nrpayq46rxmofo5f7ivojubj3xgeyhz5ue2a._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210801-kc7wpd3d1n/
Unpacked files
SH256 hash:
dde0d8980f77e3569f9d6c5e0c439e8dd8e2bba5fa2ae4d029ddcc4c1f3da134
MD5 hash:
cdd987c1a424a820bb9b8adb20507698
SHA1 hash:
f0e3ea9d7cba40e3f893fd6d26b34d696d9dee6f
Link:
https://www.unpac.me/results/495fe88f-3c7d-402e-a5d2-27e763d62d9b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.14
Link:
https://yomi.yoroi.company/submissions/dde0d8980f77e3569f9d6c5e0c439e8dd8e2bba5fa2ae4d029ddcc4c1f3da134

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Formbook

Executable exe dde0d8980f77e3569f9d6c5e0c439e8dd8e2bba5fa2ae4d029ddcc4c1f3da134

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1454395/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/175553/

Comments