MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2ec17b18d3dc88d5026199e7d47352df46cf1aacbf396d9427bfe77cc247103d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2ec17b18d3dc88d5026199e7d47352df46cf1aacbf396d9427bfe77cc247103d
SHA3-384 hash: 31ce9327cb54c2ed8655753f6c9e4e324c62198c4bbf50504e3734cff8d8b3cebb0e69df7ed6c524c5b77b1f7370b61e
SHA1 hash: e1dd2e24bcdfd1f445bddce3b4d142ee8fa33a58
MD5 hash: e204bf0957e05091dbb357b61e1a438c
humanhash: thirteen-earth-equal-papa
File name:New PO700-20-HDO410444RF217,pdf.iso
Download: download sample
Signature Formbook
Create hunting rule
File size:460'800 bytes
First seen:2021-04-06 08:15:43 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 6144:2bO3stvLGtELbMUTKZbQTK3bnifMVG2WbAmqJ84m90+4:NSityjK91z2MVQbAH+420X
TLSH 05A46D423184DCDAE44329F248AFD57060797D9E8164C60E374BBF2BA6E7342349B79E
Reporter abuse_ch
Tags:FormBook iso


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: cloudhost-75426.au-south-1.nxcli.net
Sending IP: 103.224.90.79
From: Zhangjian J. Anthony <sales@yuenchang.com.tw>
Subject: Re: Khẩn cấp !!! New PO#700-20
Attachment: New PO700-20-HDO410444RF217,pdf.iso (contains "New PO#700-20-HDO410444RF217,pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
114
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Iso_badexts72.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.FakeAV.AVB.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2ec17b18d3dc88d5026199e7d47352df46cf1aacbf396d9427bfe77cc247103d/
Threat name:
Win32.Trojan.Zmutzy
Create hunting rule
Status:
Malicious
First seen:
2021-04-06 08:16:08 UTC
AV detection:
10 of 48 (20.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=f3axwggt3senkatbtht5i42s35dm6gvmx44w3fbhx7txzqshca6q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/2ec17b18d3dc88d5026199e7d47352df46cf1aacbf396d9427bfe77cc247103d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

iso 2ec17b18d3dc88d5026199e7d47352df46cf1aacbf396d9427bfe77cc247103d

(this sample)

Formbook

Executable exe 6657aeabd5ded830361aad9112749d785fc0fbe46121daeb7acb23cd841274ed

  
Dropping
MD5 652744fb67a7cca34697aed9469b73d3
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6657aeabd5ded830361aad9112749d785fc0fbe46121daeb7acb23cd841274ed

Comments