MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a20ab7a4f9d752a616bf2fee4c0aab0565ac9d8e442b483cb8eaa1e726103405. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Formbook
Vendor detections: 5

SHA256 hash: a20ab7a4f9d752a616bf2fee4c0aab0565ac9d8e442b483cb8eaa1e726103405
SHA3-384 hash: 17b8c92e88f0dfdf0fbef24a51ab5b05d6aac42f2511e18843c1a6928bc5f48e59ca35fbcaafa01f3a986dd385ce9130
SHA1 hash: 5d39c6c34025c2a12d01277765c225e6267dd21b
MD5 hash: 252556c05551372633042fcc7b142d54
humanhash: idaho-magnesium-september-beer
File name: Payment Confirmation.img
Signature: Formbook
File size: 1'245'184 bytes
First seen: 2021-04-07 05:07:23 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:/60wIxsfx8I3yCSNGDINCCpirqB9h+cEO9TuCRJQOU2G:C0wjfx8VCBINCCpirqB/+cEmTot
TLSH: EC45E71031FB601DF4F3AF716FD8B6AA1E6FBD30651DB0B86910071A8E25D40AEE6671
Reporter: cocaman
Tags: FormBook img


cocaman
Malicious email (T1566.001)
From: "Jean Clark" <service@m2.pay2go.com> (likely spoofed)
Received: "from m2.pay2go.com (unknown [113.196.61.199])"
Date: "Tue, 06 Apr 2021 05:11:58 -0700"
Subject: "Payment Confirmation 04948392"
Attachment: "Payment Confirmation.img"

Intelligence

File Origin
# of uploads: 1
# of downloads: 84
Origin country: n/a

Vendor Threat Intelligence
Verdict: MALICIOUS
Threat name: Win32.Trojan.Terkop
Status: Malicious
First seen: 2021-04-06 15:36:38 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 9 of 47 (19.15%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: Formbook
Sample: img a20ab7a4f9d752a616bf2fee4c0aab0565ac9d8e442b483cb8eaa1e726103405 (this sample)
Delivery method: Distributed via e-mail attachment
Dropping: Formbook

Comments