MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bddc75e56384d1979b5bc35cb8056b284a20c1926edcb2ed5a9063fba0697af7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bddc75e56384d1979b5bc35cb8056b284a20c1926edcb2ed5a9063fba0697af7
SHA3-384 hash: ba30c049d501840973f240a70d65162e7f3c379e06290a45a9e2abc9ad4a2e1c72b0afb0143958a5d308b2058826ae62
SHA1 hash: 345419b084947e6e8c7b8accf2b0aeaa5030c647
MD5 hash: ff814a1b77fdc6382bc88351baa2bbe1
humanhash: friend-october-steak-black
File name:SWIFT Transfer (103) __037RTG2050822156____Pdf__.iso
Download: download sample
Signature Formbook
Create hunting rule
File size:1'050'624 bytes
First seen:2022-08-16 08:31:53 UTC
Last seen:2022-08-16 08:40:10 UTC
File type: iso
MIME type:application/x-iso9660-image
ssdeep 24576:Y6n08/X7tViZ4mMvQQdC6BTe9IbUDHDlF:Y6n08/X7tM4m+QQb7UT
TLSH T173259D07AFA43705D4B75BB9DD5B686183F23809717EE3782E945C9B2EFA301D80162B
TrID 99.4% (.NULL) null bytes (2048000/1)
0.2% (.ISO) ISO 9660 CD image (5100/59/2)
0.2% (.ATN) Photoshop Action (5007/6/1)
0.0% (.BIN/MACBIN) MacBinary 1 (1033/5)
0.0% (.ABR) Adobe PhotoShop Brush (1002/3)
Reporter cocaman
Tags:FormBook HSBC iso SWIFT


Avatar
cocaman
Malicious email (T1566.001)
From: "HSBC CUSTOMER ADVISING SYSTEM <etenderingadmin@esnad.gov.om>" (likely spoofed)
Received: "from esnad.gov.om (unknown [95.211.209.129]) "
Date: "8 Aug 2022 01:49:20 -0700"
Subject: "SWIFT Transfer (103) 037RTG2050822156"
Attachment: "SWIFT Transfer (103) __037RTG2050822156____Pdf__.iso"

Intelligence

File Origin
# of uploads :
2
# of downloads :
192
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Iso_pdf.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Trojan.PackedNET.1429.22023.2770.UNOFFICIAL
Create hunting rule

Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
explorer.exe packed
Link:
https://www.filescan.io/uploads/62fb5645a3420170e448ea20/reports/53e1b77f-c427-4e26-958e-26efea71e35d/overview
Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bddc75e56384d1979b5bc35cb8056b284a20c1926edcb2ed5a9063fba0697af7/
Threat name:
ByteCode-MSIL.Trojan.Tisifi
Create hunting rule
Status:
Malicious
First seen:
2022-08-08 04:42:34 UTC
File Type:
Binary (Archive)
Extracted files:
19
AV detection:
24 of 40 (60.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xxohlzldqtizpg23ynolqbllfbfcbqmsn3olf3k2sbr7xidjpl3q._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/220816-ke97ksefdm/
Behaviour
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Checks computer location settings
Blocklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/bddc75e56384d1979b5bc35cb8056b284a20c1926edcb2ed5a9063fba0697af7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

iso bddc75e56384d1979b5bc35cb8056b284a20c1926edcb2ed5a9063fba0697af7

(this sample)

Formbook

Executable exe 613edebe9f20eff6958bc447fa000388c1b986e1cdb76930ca061d2c92fe952c

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 613edebe9f20eff6958bc447fa000388c1b986e1cdb76930ca061d2c92fe952c
  
Dropping
Formbook

Comments