MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 88368ed7ad7d20842268c39ea565b12506e7c83cd32a0604a474af2955ce40e5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 88368ed7ad7d20842268c39ea565b12506e7c83cd32a0604a474af2955ce40e5
SHA3-384 hash: 9cb79540bdb521f4e07edeca5de46512d24cd6aede16c7600882305d95d1dfe561976c867436312c192e2b902c796ee3
SHA1 hash: c082161983f331af20f44237e3fb253c08b3118f
MD5 hash: 2fe59fe8012cd2aef9a68fd6308dfc57
humanhash: moon-fifteen-video-item
File name: FA 2374 LDS JULY 2020.rar
Signature: FormBook
File size: 314'615 bytes
First seen: 2020-07-03 06:16:09 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:tsoI3PkfFgeq2bzG7VWMmh28fquIYT2v6by+2CHc/xieiSBjnNKHpHy:YfoFg32bzKvaLrIK2ibcp7jnNKHpS
TLSH: 3D6423824A4894B4CC5E2887CCFE29B5092845C62DD433FDC8EC54B79B4BAB7E85BD53
Reporter: abuse_ch
Tags: FormBook, rar


abuse_ch
Malspam distributing FormBook:

HELO: dlveltex.co
Sending IP: 111.90.145.49
From: Lauren <lauren@dlveltex.co>
Subject: attached selected items and confirmed copy of quotation for your reference.
Attachment: FA 2374 LDS JULY 2020.rar (contains "FA 2374 LDS JULY 2020.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Wacatac
Status: Malicious
First seen: 2020-07-03 06:18:05 UTC
AV detection: 16 of 31 (51.61%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 88368ed7ad7d20842268c39ea565b12506e7c83cd32a0604a474af2955ce40e5

(this sample)

  
Dropping: FormBook
Delivery method: Distributed via e-mail attachment
