MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 526b3d34c83e929a77f885c84938d0f04118258f92cc405e5ae05050a8448c65. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: 526b3d34c83e929a77f885c84938d0f04118258f92cc405e5ae05050a8448c65
SHA3-384 hash: fc86e722b510d77b06ad6a865b680509dd385d34906f246aae2a6f5e8152fefcb3582f0f2648091840d90798881a3eb7
SHA1 hash: 1c19c46fc9288ef9d9f031c22a8143f173e42a83
MD5 hash: 2dc1403df934f928c44a3835b48a8b16
humanhash: solar-moon-princess-salami
File name: PO94772106.iso
Signature: Formbook
File size: 1'187'840 bytes
First seen: 2020-05-12 15:55:34 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 6144:z9g5pd1DAMJJL7XJAnY7DpOFm4lDKX2zsf/FHsVovVEdVWEw:zgJAIJHX+nODpOFDpPsf/FHs
TLSH: 3B455C23E6418434D49A0BF2D43ADDB1543B7E9D39788B5E329E73291FF33462266A0D
Reporter: abuse_ch
Tags: FormBook iso


abuse_ch
Malspam distributing Formbook:

HELO: MTA-08-4.privateemail.com
Sending IP: 198.54.122.58
From: Grace Yang <yz@zjtiachi.com>
Reply-To: Grace Yang <yz@zjtiachi.com>
Subject: FIND OUR ORDER QUOTATION!!!
Attachment: PO94772106.iso (contains "PO94772106.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Formbook
Status: Malicious
First seen: 2020-05-13 02:41:00 UTC
AV detection: 12 of 31 (38.71%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

iso 526b3d34c83e929a77f885c84938d0f04118258f92cc405e5ae05050a8448c65

(this sample)

  
Dropping: Formbook
Delivery method: Distributed via e-mail attachment
