MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2e3a24c5603153e27f31dd6254a80d3a9a88495e1d1c202c07c92da9658e3aae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: 2e3a24c5603153e27f31dd6254a80d3a9a88495e1d1c202c07c92da9658e3aae
SHA3-384 hash: 57f3e6ae4a5821f47c719b702aaa8bfc9cb954fbf5fdbcd6acc77c29cb0ec4e9fe6ec8ed4a0a34bf429a9c72167031a0
SHA1 hash: 20d7f54a7813048c53f5d6ce53987e23132ef9ab
MD5 hash: fb8f131344e63556b698b9de12f93fc3
humanhash: beryllium-edward-arizona-double
File name: Commercial and Technical Proposal for Supply.iso
Signature: Formbook
File size: 1'245'184 bytes
First seen: 2020-11-07 10:26:10 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 12288:GSUIdjNMqHMtTsw+MOJNX+SV10G5RYc2UAw05viCrs9uZJ3L:sIBMV+MOG01j5ec2Fx5vUK3
TLSH: 2A45E05C5E806D22FC1FB1FCD1B5825C17335F1923B1C6DA66AA0EFA533AB940C1AE51
Reporter: abuse_ch
Tags: FormBook iso


abuse_ch
Malspam distributing unidentified malware:

HELO: norinco.cn
Sending IP: 37.49.225.167
From: ryao <ryao@norinco.cn>
Subject: Commercial and Technical Proposal for Supply
Attachment: Commercial and Technical Proposal for Supply.iso (contains "New Additional Agreement - Commercial and Technical Proposal for Supply.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 92
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.DnInject
Status: Malicious
First seen: 2020-11-06 20:02:50 UTC
AV detection: 18 of 48 (37.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

iso 2e3a24c5603153e27f31dd6254a80d3a9a88495e1d1c202c07c92da9658e3aae (this sample)

Delivery method: Distributed via e-mail attachment
