MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 61d68432601ca2a7f8fcd21011419f4e4208f842c3c7c5ecd23066522ddc1713. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 61d68432601ca2a7f8fcd21011419f4e4208f842c3c7c5ecd23066522ddc1713
SHA3-384 hash: 21f92035d4592fb43e23834fd4e71caf300420824b1c9ee11b9d26d70f4fc994c41e4dc41fc0f15440edc5da90a97a10
SHA1 hash: 7732e2be31e1970aee8574c62dc429199882d2f4
MD5 hash: 2d4ed8694b5e3a602198c1192f6d4387
humanhash: leopard-five-texas-cat
File name:TRF Bank info for Confirmation.iso
Download: download sample
Signature Formbook
Create hunting rule
File size:915'456 bytes
First seen:2020-10-06 06:08:17 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:tyEubTel0nqR/ff8FE//JSl7fJ5qqKUujiqebet3kjlOmHUmbIm5OUPSeJRKKtne:UbQ0nE/f//JSlfX+UAxZ3kjXU
TLSH 93157CAD36507ADEC957CD3ACA546C20EA3175A7830BD203A01B15EDAE4DA97DF102F3
Reporter abuse_ch
Tags:FormBook HSBC iso


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: host.kroser.com.uy
Sending IP: 162.211.86.3
From: HSBC <TJanuji@Hsbc.com>
Subject: Re:Account Payable TRF103_0092020
Attachment: TRF Bank info for Confirmation.iso (contains "TRF Bank info for Confirmation.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
108
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/61d68432601ca2a7f8fcd21011419f4e4208f842c3c7c5ecd23066522ddc1713/
Threat name:
ByteCode-MSIL.Infostealer.Stelega
Create hunting rule
Status:
Malicious
First seen:
2020-10-06 03:52:08 UTC
AV detection:
19 of 48 (39.58%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mhliimtadsrkp6h42iibcqm7jzbar6ccypd4l3gsgbtfelo4c4jq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/61d68432601ca2a7f8fcd21011419f4e4208f842c3c7c5ecd23066522ddc1713

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

iso 61d68432601ca2a7f8fcd21011419f4e4208f842c3c7c5ecd23066522ddc1713

(this sample)

Formbook

Executable exe 7e896ee66c233b20d802b6c6201b64ff0dfaad30f3d694842f1d7d5d5f5cdb3a

  
Dropping
MD5 b6e573a5d3a6bb9f7ceb592d13a9fd92
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7e896ee66c233b20d802b6c6201b64ff0dfaad30f3d694842f1d7d5d5f5cdb3a

Comments