MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6fda91b131f727b4d80dfb1b69b8c934fec693986723dd59585f8ca016a3dfb1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 4



SHA256 hash: 6fda91b131f727b4d80dfb1b69b8c934fec693986723dd59585f8ca016a3dfb1
SHA3-384 hash: ebdef53abc07ee8af191ae3fd20e16044e0c1c86e02c1dd436a486b4a10c096edf478703d945b04028ba70f8ce98120c
SHA1 hash: 2a64a40d7c073a95aef37d7ae0fcf746513f632f
MD5 hash: d0e0fad1c1c9538cffb4ac5d488d3251
humanhash: saturn-bluebird-whiskey-virginia
File name: RFQ_AP65425652_032421 segera,pdf.iso
Signature: Formbook
File size: 460'800 bytes
First seen: 2021-04-08 06:54:56 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 6144:Zd9stvLGtELbMUTKZXQOnn7UGV5wD3hbCQ0Ga7BjHVLF7:pSityjKzn7Uw5wD3hbQBRF
TLSH: 1EA45D823185DC9AE04328F258AFD53061797D9E8175C60E3747BF2BA6E7342346B78E
Reporter: abuse_ch
Tags: FormBook iso


abuse_ch
Malspam distributing unidentified malware:

HELO: cloudhost-831079.us-midwest-1.nxcli.net
Sending IP: 8.29.153.156
From: CHIPTRONICS (M) SDN. BHD. <info1@chiptronics.com.my>
Subject: RFQ_AP65425652_032421 Segera
Attachment: RFQ_AP65425652_032421 segera,pdf.iso (contains "RFQ_AP65425652_032421 isu-isu,pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 95
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Win32.PUA.Wacapew
Status: Malicious
First seen: 2021-04-08 02:25:40 UTC
AV detection: 11 of 48 (22.92%)
Threat level: 1/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

iso 6fda91b131f727b4d80dfb1b69b8c934fec693986723dd59585f8ca016a3dfb1 (this sample)

Delivery method: Distributed via e-mail attachment
