MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fea8335f28234eb3003a9dd7a366ae03af520b3ed9b3372caa17b21233852176. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 6

SHA256 hash: fea8335f28234eb3003a9dd7a366ae03af520b3ed9b3372caa17b21233852176
SHA3-384 hash: 46cbce48420f924b6ba51b2ef1183b61a0e036256791430873411c4b1a77cec966735ef391a854739d1bb543a4f79d64
SHA1 hash: 037dc6b775fa77ac0bda29e23ba1a74f301c65ec
MD5 hash: a0ab5d7addef570ac00ebc96aea1a7cc
humanhash: social-blue-river-yankee
File name: REVISED PURCHASE ORDER ITEMS 2023-14-31.IMG
Signature: Formbook
File size: 1'376'256 bytes
First seen: 2023-02-02 08:17:11 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:Ntz8L6gu+xMRSR5SEtKypyE4s09JtWsJIPg8zLvqsEqG4yPa:QLzyRU5Zp74so3WaCTC1qG4yPa
TLSH: T198558C8777B19872F6CB00B1142837CD2FE06103BE95E267AB7B79C0A7069FB7698151
TrID:
  99.4% (.NULL) null bytes (2048000/1)
  0.2% (.ISO) ISO 9660 CD image (5100/59/2)
  0.2% (.ATN) Photoshop Action (5007/6/1)
  0.0% (.BIN/MACBIN) MacBinary 1 (1033/5)
  0.0% (.ABR) Adobe PhotoShop Brush (1002/3)
Reporter: cocaman
Tags: FormBook img


cocaman
Malicious email (T1566.001)
From: "Alice Ai <alice@jhunthome.com>" (likely spoofed)
Received: "from jhunthome.com (unknown [185.222.58.73]) "
Date: "1 Feb 2023 16:32:53 +0100"
Subject: "=?UTF-8?B?5Zue5aSNOlJFOiBSRVZJU0VEIFBVUkNIQVNFIE9SREVSIElURU1TIDIwMjMtMTQtMzE=?="
Attachment: "REVISED PURCHASE ORDER ITEMS 2023-14-31.IMG"

Intelligence

File Origin
# of uploads: 1
# of downloads: 84
Origin country: n/a
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: REVISED_.EXE
File size: 779'776 bytes
SHA256 hash: ed5c5ef5186a78d9dd02e7dbf36b0bcc9d6c0e733f04a6780f6bcf06dbfc3338
MD5 hash: c18c92beacd7e92b9881eb2d8a56d2ad
MIME type: application/x-dosexec
Signature: Formbook
Vendor Threat Intelligence

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: context-iso packed phishing

Result
Verdict: MALICIOUS
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2023-02-01 18:35:26 UTC
File Type: Binary (Archive)
Extracted files: 8
AV detection: 17 of 26 (65.38%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: pe_imphash
Rule name: Skystars_Malware_Imphash
Author: Skystars LightDefender
Description: imphash

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Formbook
img fea8335f28234eb3003a9dd7a366ae03af520b3ed9b3372caa17b21233852176 (this sample)
Delivery method: Distributed via e-mail attachment
Dropping: Formbook

Comments