MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 78fe3ed0e50009101124d757b0ff13967a5eda787ddad427276779c4d343ce2c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 78fe3ed0e50009101124d757b0ff13967a5eda787ddad427276779c4d343ce2c
SHA3-384 hash: 12127e56721dc2c4d729ec536c1199ffdac44a9a314f1d5ea734a6c939de4fa3c564f98b866fbdc109a35c77d7c68563
SHA1 hash: d4d26ffd70753a9d81877a70477edfc13f2bfb18
MD5 hash: 2a2278ac00e3b5729826f9f828a0b9ac
humanhash: mountain-magazine-spring-mobile
File name:Materials.iso
Download: download sample
Signature Formbook
Create hunting rule
File size:428'032 bytes
First seen:2021-01-15 15:53:45 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 6144:YNFf3hZqh0Lsgc+pkdWR65XtacANmctQesWVN:YNFfxZqCLsgnpkBXtac0m+QeHN
TLSH 1094F603A92C89B2EF38A33D40050CD995F51C9C16D9B11A67BCBD3DDA7D4225D2FA2E
Reporter abuse_ch
Tags:FormBook iso


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: mail.litos.net
Sending IP: 86.109.108.50
From: mattias.jonsson@blsindustries.se
Subject: Order For Materials - BLS Industries Sweden
Attachment: Materials.iso (contains "Materials.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
186
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.Generic-S.3623.15099.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/78fe3ed0e50009101124d757b0ff13967a5eda787ddad427276779c4d343ce2c/
Threat name:
Win32.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2021-01-15 11:22:29 UTC
AV detection:
9 of 44 (20.45%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pd7d5uhfaaeraeje25l3b7ytsz5f5wtypxnnijzhm544ju2dzywa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Formbook
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/78fe3ed0e50009101124d757b0ff13967a5eda787ddad427276779c4d343ce2c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

iso 78fe3ed0e50009101124d757b0ff13967a5eda787ddad427276779c4d343ce2c

(this sample)

Formbook

Executable exe 38f3aadc65df16aed9f5bbaa5f42598d3fd9b29811429fcddd679a40b092fca0

  
Dropping
MD5 8bd9a34cf06fa228b4ccd401808723cc
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 38f3aadc65df16aed9f5bbaa5f42598d3fd9b29811429fcddd679a40b092fca0

Comments