MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1b46d4c1c3f9cdf247525f4192c7eb2c47c87e6cee055d08db75ce3b51886d51. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: 1b46d4c1c3f9cdf247525f4192c7eb2c47c87e6cee055d08db75ce3b51886d51
SHA3-384 hash: 9824e3eeee5515ba86a31b52e6a5e8a8125becdcf99359687c1e739cd8c97bc1ec638e215182c943ac07ef0c69cd1fc9
SHA1 hash: 488d357fb6c1ebc12b5ccf9c0efe4f696e71c366
MD5 hash: cb1104dfca08b6fc972955b4a67285a5
humanhash: fourteen-network-cat-sad
File name: Rfq_Catalog.iso
Signature: Formbook
File size: 931'840 bytes
First seen: 2020-12-30 09:13:00 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 6144:ubPiFS30jAGMm6fweUkfzAyWFAhoP33c1unkd6iQx55RcYrG9lBxBRvzLg0Axmw1:uqsNkyvSlJ4+zkmyJNfQgnqMp3d60g
TLSH: 0D15499BE1390409E1506E30700CD702B509B1AAEAFC12E57DD69838FE1B5BF535A7BE
Reporter: abuse_ch
Tags: FormBook iso


abuse_ch
Malspam distributing Formbook:

HELO: vepo.donoralpha.com
Sending IP: 111.118.214.86
From: procurement@tawi.com.ph
Reply-To: procurement.tawi@email.com
Subject: RFQ 20/4871 for TAWI GROUP
Attachment: Rfq_Catalog.iso (contains "Rfq_Catalog.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 175
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

iso 1b46d4c1c3f9cdf247525f4192c7eb2c47c87e6cee055d08db75ce3b51886d51 (this sample)

  
Dropping: Formbook
Delivery method: Distributed via e-mail attachment

Comments