MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4df436a10e88a39872cbf427640598b98fb5fe9c93d46e579905587510b71d39. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 4



SHA256 hash: 4df436a10e88a39872cbf427640598b98fb5fe9c93d46e579905587510b71d39
SHA3-384 hash: d22e5d3a7d2feb25f7d90891995d085b2b90cecc2e8ee6a408bef5d432a9637a26568b6c00b9765b6cd7597e7c8ff4a2
SHA1 hash: 8e6472a1a1f0d493407efb9758bac5d8c484bfa7
MD5 hash: ef9a0072479118c56747623e48e4d0d7
humanhash: moon-colorado-chicken-delta
File name: OC CVE9362 _TVOP-MIO 22C 2021,pdf.iso
Signature: Formbook
File size: 499'712 bytes
First seen: 2021-03-22 07:44:27 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 6144:qXMjoYAvKhAp081nNVjqKoen62D7FUPJnQtPz4De/UU5GCKz:yy6nnjqKoe6eKJyPz2V
TLSH: A6B48D97394085ACCF6A51F7A317854473AADCFFC518960A7BCC33539FE6A92082271B
Reporter: abuse_ch
Tags: FormBook iso


abuse_ch
Malspam distributing unidentified malware:

HELO: randlight.de
Sending IP: 89.163.145.207
From: Patricia <sales@mediamage.co.za>
Subject: ORDER CONFIRMATION CVE9362
Attachment: OC CVE9362 _TVOP-MIO 22C 2021,pdf.iso (contains "OC CVE9362 _TVOP-MIO 22(C) 2021,pdf.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 119
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Win32.Trojan.Zmutzy
Status: Malicious
First seen: 2021-03-22 00:02:12 UTC
AV detection: 6 of 47 (12.77%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery method: Malspam
Signature: Formbook
Sample: iso 4df436a10e88a39872cbf427640598b98fb5fe9c93d46e579905587510b71d39 (this sample)

Delivery method: Distributed via e-mail attachment

Comments