MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 006b1ee076b5f6774ab38f7793f323ace6af210468411e0d4e9e64d713e1a242. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 006b1ee076b5f6774ab38f7793f323ace6af210468411e0d4e9e64d713e1a242
SHA3-384 hash: 02020fb75c35a0ba45d9b18e2ac75ab22a719070cfa1b4fed061a22a00db726cb68b427ff5918d1fd3771a83f58edcea
SHA1 hash: 697767052326b16056e3f13bdbab0d6f97b09c9b
MD5 hash: c30afb8cf15a057cedb6b006eddca693
humanhash: sweet-video-green-kilo
File name:271-20210124-252.iso
Download: download sample
Signature Formbook
Create hunting rule
File size:1'310'720 bytes
First seen:2021-01-25 13:35:38 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:QRXxjbHfNbxpDFiDROtGr4eYNriW4/zxzUDxn:QRXx9/DRtRe2+
TLSH C955F10617824663C7A0AD7262BD92784AB19DFB6171B27E754C37E0CB361F015CE27E
Reporter cocaman
Tags:FormBook iso


Avatar
cocaman
Malicious email (T1566.001)
From: "DBSeAdvice <office@cowbown.com>" (likely spoofed)
Received: "from slot0.cowbown.com (slot0.cowbown.com [203.159.80.100]) "
Date: "25 Jan 2021 08:00:23 -0500"
Subject: "Bank Fund Transfer//HAO MART PTE LTD"
Attachment: "271-20210124-252.iso"

Intelligence

File Origin
# of uploads :
1
# of downloads :
149
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Iso_badexts64.UNOFFICIAL
Create hunting rule

PUA.Win.Trojan.Generic-6629274-0
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/006b1ee076b5f6774ab38f7793f323ace6af210468411e0d4e9e64d713e1a242/
Threat name:
Win32.Trojan.Tnega
Create hunting rule
Status:
Malicious
First seen:
2021-01-25 13:36:06 UTC
File Type:
Binary (Archive)
Extracted files:
6
AV detection:
11 of 46 (23.91%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=abvr5ydwwx3hosvtr53zh4zdvttk6iienbar4dkotzsnoe7bujba._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/006b1ee076b5f6774ab38f7793f323ace6af210468411e0d4e9e64d713e1a242

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

iso 006b1ee076b5f6774ab38f7793f323ace6af210468411e0d4e9e64d713e1a242

(this sample)

Formbook

Executable exe 33b922d5874f3914984da8e1db4674fe7186e256d8f5acd1aa1a20d86a87ebcd

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 33b922d5874f3914984da8e1db4674fe7186e256d8f5acd1aa1a20d86a87ebcd
  
Dropping
Formbook

Comments