MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ead0a99f9ce25b587db44473586a75778c209d87a233edb48421c9bc27d9bb12. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 8



SHA256 hash: ead0a99f9ce25b587db44473586a75778c209d87a233edb48421c9bc27d9bb12
SHA3-384 hash: 3f3ee5576974dbc86ce31094094c2198afb1a6b85874a2a6de4457154f9c1cea87231cfbaeec3c3c4cbfde575b259d51
SHA1 hash: 23e0ee980af8d7c562f113e569bc0a3b9f53a477
MD5 hash: 5e4b192349a03f1ca0a7fef3231c0ef1
humanhash: kilo-solar-low-may
File name: 5e4b192349a03f1ca0a7fef3231c0ef1.exe
Signature Formbook
File size: 805'270 bytes
First seen: 2022-02-18 17:53:55 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
ssdeep 24576:oVByWQHlhAQZC7qtblmzk+uaK3DFbKeaZ:IByDlqQZCGNlF+zK3DF0
TLSH T1D905CF2F497F223AC5BCD7A199C4CD2FF8A2C5A63537991C29C616D905267F230D222F
Reporter abuse_ch
Tags: exe FormBook

Intelligence


File Origin
# of uploads:
1
# of downloads:
320
Origin country:
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
obfuscated overlay packed replace.exe
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
60 / 100
Signature
.NET source code contains potential unpacker
.NET source code contains very large strings
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Status:
Malicious
First seen:
2022-02-18 17:54:13 UTC
File Type:
PE (.Net Exe)
Extracted files:
5
AV detection:
18 of 28 (64.29%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Unpacked files
SHA256 hash:
ead0a99f9ce25b587db44473586a75778c209d87a233edb48421c9bc27d9bb12
MD5 hash:
5e4b192349a03f1ca0a7fef3231c0ef1
SHA1 hash:
23e0ee980af8d7c562f113e569bc0a3b9f53a477
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Formbook

Executable exe ead0a99f9ce25b587db44473586a75778c209d87a233edb48421c9bc27d9bb12

(this sample)

  
Delivery method
Distributed via web download
