MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 23c88b8c902c83002d10ac65b77311e88693cea2ff3dfb561c16fabb0409cf8a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: 23c88b8c902c83002d10ac65b77311e88693cea2ff3dfb561c16fabb0409cf8a
SHA3-384 hash: e0450bfac76ffbd23005a5fe340b9cc0288dc551aff702086ad22154ab1fc788b9c352a829238092336a276c0406a4b6
SHA1 hash: ed7e80302e1ac1f404b04c9680f1b89363b7cf4f
MD5 hash: cd8cfef92334920c742d910fe7b4e768
humanhash: stairway-sixteen-black-alaska
File name: Bank Confirmation.iso
Signature: Formbook
File size: 645'120 bytes
First seen: 2020-10-16 12:40:19 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 12288:D9KZTldLdFz3HEJi5LAWePIBD0WZqkyn2qDdzffF8jo+P1:D9mnLnEId+WuFFfNSP1
TLSH: DCD4D02523A95FA4E4BDD3BB6460152027FAF086D331D7097DAC62CE3B56B809673B07
Reporter: abuse_ch
Tags: FormBook iso


abuse_ch
Malspam distributing Formbook:

HELO: slot0.muresa.gq
Sending IP: 198.211.10.198
From: "Mr Micheal Grey" <info@muresa.gq>
Subject: Incorrect bank Details
Attachment: Bank Confirmation.iso (contains "Bank Confirmation.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Spyware.Stelega
Status: Malicious
First seen: 2020-10-16 06:15:06 UTC
AV detection: 18 of 48 (37.50%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

iso 23c88b8c902c83002d10ac65b77311e88693cea2ff3dfb561c16fabb0409cf8a

(this sample)

  
Dropping: Formbook
Delivery method: Distributed via e-mail attachment
