MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eaf911a214da2be146367e4d52a50c6159c805ebb8b3c53264841832c75a7403. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: eaf911a214da2be146367e4d52a50c6159c805ebb8b3c53264841832c75a7403
SHA3-384 hash: 05800b787b864b9dad7d89ea902f5359c02c4762411db976b32309e70bbfb9a7ae2b1f143d6d2d755ecb02d90350b193
SHA1 hash: ac5a01ce4ef6a8e12b6b48453691ae471c405216
MD5 hash: c48f44eafd58be1b1351cbf4a26373a5
humanhash: one-tango-march-cardinal
File name:yeni sipariş pdf.zip
Download: download sample
Signature Formbook
Create hunting rule
File size:739'661 bytes
First seen:2021-03-11 07:03:37 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:JUOYkG9ikQu/krFtIrdGxIutMkpP33mx4E3PasVY8/k8dk4NWsbifkXQ/r0cpIju:JUOs9wFOjuakp/3pUyoY8/rCwe7ajYzX
TLSH 6DF42366618661E3E632630BF9AC68250BC71747EDBE8FB2296710C1ED165C20EF3774
Reporter GovCERT_CH

Intelligence

File Origin
# of uploads :
1
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_pdf.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/eaf911a214da2be146367e4d52a50c6159c805ebb8b3c53264841832c75a7403/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-03-11 07:04:07 UTC
AV detection:
23 of 47 (48.94%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5l4rdiqu3iv6crrwpzgvfjimmfm4qbplxcz4kmteqqmdfr22oqbq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/eaf911a214da2be146367e4d52a50c6159c805ebb8b3c53264841832c75a7403

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip eaf911a214da2be146367e4d52a50c6159c805ebb8b3c53264841832c75a7403

(this sample)

Formbook

Executable exe d55303a4502e2643856305845a80e43237b22fa58bb221167387c727b26f9551

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d55303a4502e2643856305845a80e43237b22fa58bb221167387c727b26f9551
  
Dropping
MD5 93d3a99c24c4574242bff0fe2077619d

Comments