MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 745a6ee99c1f144b0e059d0b83eaceea30ec3f40a22b8379970b3f3f75ba83a5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	745a6ee99c1f144b0e059d0b83eaceea30ec3f40a22b8379970b3f3f75ba83a5
SHA3-384 hash:	45882bbbf0f011ef7e559d82749f434943fa8ba697af624bae37d3afd4a168e7e96fa070e36f327d0b76bd77e8613c44
SHA1 hash:	59c438ce3b30850eba2364ce8943cbcc10db3c69
MD5 hash:	9ca7d42a21d8392bf94b09cb840cba38
humanhash:	lake-spaghetti-spaghetti-lake
File name:	doc08910120230628102641.iso
Download:	download sample
Signature	Formbook Alert Create hunting rule
File size:	75'776 bytes
First seen:	2023-06-29 11:49:48 UTC
Last seen:	Never
File type:	iso
MIME type:	application/x-iso9660-image
ssdeep	192:m3tY6+qZZqwFkb7H0rKTW2eOdAZTza3kepns6XB5V87W1tfZGD4fJdq6myRRW35E:ui6LLUTcOdYTd6XBSsRGDPHBHN
TLSH	T13173FB185EAC0527E8A747B856B263C00B3BBA7372B3EB2F7ECC71552B532541911372
TrID	99.5% (.NULL) null bytes (2048000/1) 0.2% (.ATN) Photoshop Action (5007/6/1) 0.1% (.ISO) ISO 9660 CD image (2545/36/1) 0.0% (.BIN/MACBIN) MacBinary 1 (1033/5) 0.0% (.ABR) Adobe PhotoShop Brush (1002/3)
Reporter	cocaman
Tags:	FormBook iso

cocaman

Malicious email (T1566.001)
From: "Barbara Vontobel <manuela@clairejenkins.ml>" (likely spoofed)
Received: "from clairejenkins.ml (unknown [165.22.183.28]) "
Date: "Thu, 29 Jun 2023 06:28:24 +0300"
Subject: "Zahlungsbeleg"
Attachment: "doc08910120230628102641.iso"

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

95

Origin country :

CH

File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

Relevant files 1

File name:	doc08910120230628102641.exe
File size:	12'800 bytes
SHA256 hash:	fbbad7f1ea80336f2d11ec3df5d547fedcca56d3def4eb369f605122b02f3f34
MD5 hash:	1ad043cd1961bd25e3d66d0436669885
MIME type:	application/x-dosexec
Signature	Formbook

Vendor Threat Intelligence

ClamAV Detected

Detection(s):

Sanesecurity.Foxhole.Iso_fs1729.UNOFFICIAL

Alert

Create hunting rule

FileScan.IO Malicious

Verdict:

Malicious

Threat level:

  10/10

Confidence:

100%

Tags:

context-iso

Link:

https://www.filescan.io/uploads/649d6fed313e9da61a5be069/reports/5166502d-151c-42db-8dcc-ce3581fa1462/overview

Hybrid Analysis Possibl.80622A98

Verdict:

Malicious

Labled as:

Possibl.80622A98

Link:

https://www.hybrid-analysis.com/sample/745a6ee99c1f144b0e059d0b83eaceea30ec3f40a22b8379970b3f3f75ba83a5

InQuest MALICIOUS

Result

Verdict:

MALICIOUS

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/745a6ee99c1f144b0e059d0b83eaceea30ec3f40a22b8379970b3f3f75ba83a5/

ReversingLabs TitaniumCloud ByteCode-MSIL.Trojan.Pwsx

Threat name:

ByteCode-MSIL.Trojan.Pwsx

Alert

Create hunting rule

Status:

Malicious

First seen:

2023-06-29 07:07:47 UTC

File Type:

Binary (Archive)

Extracted files:

2

AV detection:

14 of 37 (37.84%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=orng52m4d4kewdqftufyh2wo5iyoyp2auivyg6mxbm7t65n2qosq._file

Hatching Triage Suspicious

Result

Malware family:

n/a

Score:

  5/10

Tags:

n/a

Link:

https://tria.ge/reports/230629-pnbgtsch99/

Behaviour

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Legit

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/745a6ee99c1f144b0e059d0b83eaceea30ec3f40a22b8379970b3f3f75ba83a5