MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eaa6f0f01dba6489d0dc63d8ca4ce302aa991634aee7c7844a6863f1ddd252fb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: eaa6f0f01dba6489d0dc63d8ca4ce302aa991634aee7c7844a6863f1ddd252fb
SHA3-384 hash: c2c445127902e7c13c219c9130c287f13f3285eace40776538f9aa47c4fc7f93afcab678f7b5028dd1679fcbd5f2ae1b
SHA1 hash: db9c5152facc7ee2a4b01ec4d85c1159054e5ff8
MD5 hash: 45d439f8c5a31999e0c3c8b1462a5668
humanhash: apart-spaghetti-bulldog-black
File name: Acount Details.iso
Signature: FormBook
File size: 360'448 bytes
First seen: 2020-06-30 12:09:45 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 6144:GOXVqAa5ErcfDCCGo8qk0lnvgS3FHLQB/EXhBsiPlN3Vj4:GOFqAkTUqk0lnvftQ2XhdPX3VM
TLSH: 9874F132B3B56B28EAB997B691B160100FB7B90B5470C269BDAC35CA0F73750D211F67
Reporter: abuse_ch
Tags: FormBook iso


abuse_ch
Malspam distributing FormBook:

HELO: mta2.centosvps.xyz
Sending IP: 185.163.44.88
From: worldtradingitems@gmail.com
Attachment: Acount Details.iso (contains "Acount Details.com")

Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Backdoor.NanoCore
Status: Malicious
First seen: 2020-06-30 12:11:07 UTC
AV detection: 14 of 29 (48.28%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

iso eaa6f0f01dba6489d0dc63d8ca4ce302aa991634aee7c7844a6863f1ddd252fb (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment
