MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 680dfb1274ca623a59fe98844dc695fd12890a86e2a5342002dd4833c822ccac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: 680dfb1274ca623a59fe98844dc695fd12890a86e2a5342002dd4833c822ccac
SHA3-384 hash: ccdfa7107978ae0759e6ca957dbddcf464cb314daaad902e4083f6dbeba45e5fd775fc70ffd9d90e8de21a0c5de63d66
SHA1 hash: 9828f2fe01e1bd569967da0ce6f6f63460950ba3
MD5 hash: c1b0db1ce88b7bdae312f0668bb372fd
humanhash: jig-hamper-fillet-cup
File name: invoice n.arj
Signature: Formbook
File size: 424'532 bytes
First seen: 2020-08-17 19:05:46 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 12288:C24IdAQOtyATvp8GAOYKbYA7lKjwME2xz3pxze:wIUTR3JYA433Tze
TLSH: F09423EDDA65878D6BFD4560421EEB85CB2B34B38A531347C547A40EB4EC1E6B2098FC
Reporter: abuse_ch
Tags: arj FormBook


abuse_ch
Malspam distributing unidentified malware:

HELO: rizwanplc.pw
Sending IP: 104.168.145.21
From: info@rizwanplc.pw <info@rizwanplc.pw>
Reply-To: roadtriip25@gmail.com
Subject: RE: Order 8203 || Commercial Invoice
Attachment: invoice n.arj (contains "invoice n.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-08-17 19:07:08 UTC
AV detection: 11 of 48 (22.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

arj 680dfb1274ca623a59fe98844dc695fd12890a86e2a5342002dd4833c822ccac (this sample)

Delivery method: Distributed via e-mail attachment

Comments