MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f0e36ba15b59bda8425a6e3f10344025caa4e49033b12897057054dbd01dd9e8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f0e36ba15b59bda8425a6e3f10344025caa4e49033b12897057054dbd01dd9e8
SHA3-384 hash: 21ed7dc649e031050a5e880965a3d5432fb830d70d6bf595fcf4b6f11dbd184c415363127c4af71e53ec5f1e928907ea
SHA1 hash: beee7e36bcc5af9dec17f0c34e8866638e13c943
MD5 hash: c7c774e134c47cb2755df2aa82e07490
humanhash: solar-arizona-coffee-apart
File name:ROSE.07LF3UfkQxh.r00
Download: download sample
Signature Formbook
Create hunting rule
File size:725'359 bytes
First seen:2021-05-26 05:09:39 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 12288:EoG6gLqN+I29rFeDdOkGTEUu7bLljIVg+WoobpfKJQxkbCxoZgjzirkMHDJeL:EoGRw+IiQD5GTEUeLljOgyoEJqk+xNjf
TLSH 1FF4337FAF7586079C8794B49CE1F5864DFBCB168ACA8473205736715244EB6838AFC0
Reporter cocaman
Tags:FormBook r00

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f0e36ba15b59bda8425a6e3f10344025caa4e49033b12897057054dbd01dd9e8/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-05-25 14:48:44 UTC
File Type:
Binary (Archive)
Extracted files:
21
AV detection:
17 of 29 (58.62%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6drwxik3lg62qqs2ny7rancaexfkjzeqgoysrfyfobknxua53hua._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f0e36ba15b59bda8425a6e3f10344025caa4e49033b12897057054dbd01dd9e8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

r00 f0e36ba15b59bda8425a6e3f10344025caa4e49033b12897057054dbd01dd9e8

(this sample)

Formbook

Executable exe 06590d709bb90096480fb153f62efa1b0738a561014afac367907fa47478079c

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 06590d709bb90096480fb153f62efa1b0738a561014afac367907fa47478079c

Comments