MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 98e0a622156a532664f2793d151c85b6410096827e42f481a191762b9b8b3558. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 5



SHA256 hash: 98e0a622156a532664f2793d151c85b6410096827e42f481a191762b9b8b3558
SHA3-384 hash: 8fad2c734d9a92623eb4eef7e4d0f13e4391977fe7743933f97cb2ed94a7c70ba1333eb5c38e06d60c7eb9baa80e0848
SHA1 hash: 2c80f4eeb67c7361847ceba327180367408530ca
MD5 hash: 5d74d110f1bf225049fc563b34221958
humanhash: winner-uranus-burger-bacon
File name: RE PAYMENT REMINDER - SOA - Outstanding (JAN21).iso
Signature: Formbook
File size: 280'576 bytes
First seen: 2021-02-11 22:07:12 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 6144:KqjIp5gb+Ft2QSpeHt4ERZI5x8X8/9lp:ruC+zCsRZQxy
TLSH: 5654126124D0E1B7D63642B06E3A5697EBFBB115017A3B8B335C8E883F3B592560A713
Reporter: cocaman
Tags: FormBook, iso


cocaman
Malicious email (T1566.001)
From: ""Liwoi Accounts NCLSIN " <info@saerdsae.xyz>" (likely spoofed)
Received: "from mail2.ferotrade.ch (bizcloud-inbox.ferotrade.ch [64.227.105.215]) "
Date: "11 Feb 2021 17:06:49 -0500"
Subject: "RE: PAYMENT REMINDER - SOA - Outstanding (JAN21)"
Attachment: "RE PAYMENT REMINDER - SOA - Outstanding (JAN21).iso"

Intelligence


File Origin
# of uploads: 1
# of downloads: 118
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2021-02-11 22:36:26 UTC
File Type: Binary (Archive)
Extracted files: 5
AV detection: 15 of 29 (51.72%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

iso 98e0a622156a532664f2793d151c85b6410096827e42f481a191762b9b8b3558 (this sample)

Delivery method: Distributed via e-mail attachment
