MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a4871240c82b16dbbe436874e7166a558d83b2304a4c5e72ce8359283bb228a0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a4871240c82b16dbbe436874e7166a558d83b2304a4c5e72ce8359283bb228a0
SHA3-384 hash: 8fd47c82b30e4c116a40de8c8ae9fae17055430b339dd211e30c6471d2ed1297763b7f8a9e4c5d83fd4617e0885f80d0
SHA1 hash: bddc71774bf99411d374e87b429f55c2ae10e9cb
MD5 hash: 48ede81ef30d323a586f298c48bb6ca6
humanhash: hotel-dakota-oranges-eleven
File name:order list.arj
Download: download sample
Signature FormBook
Create hunting rule
File size:592'692 bytes
First seen:2020-08-04 07:49:56 UTC
Last seen:Never
File type: arj
MIME type:application/x-rar
ssdeep 12288:n3RdweM/JApTzD2V7EDu/NbcgblOU2cId8Z7bJf0kYP8FLq4Qo0Dh:nh8CPDIIWopULIdw7a8FLPGh
TLSH 02C42349C53712B41B66D405148A09BEA8741D3F8CEDE828A19FD70F3DF7D7EC8662A8
Reporter abuse_ch
Tags:arj FormBook


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: bureauveritasi.pw
Sending IP: 104.168.219.43
From: info@bureauveritasi.pw <info@bureauveritasi.pw>
Reply-To: roadtriip25@gmail.com
Subject: Re: Order list
Attachment: order list.arj (contains "order list.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a4871240c82b16dbbe436874e7166a558d83b2304a4c5e72ce8359283bb228a0/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-08-04 07:51:08 UTC
AV detection:
6 of 48 (12.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=usdreqgifmlnxpsdnb2ooftkkwgyhmrqjjgf44woqnmsqo5sfcqa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/a4871240c82b16dbbe436874e7166a558d83b2304a4c5e72ce8359283bb228a0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

arj a4871240c82b16dbbe436874e7166a558d83b2304a4c5e72ce8359283bb228a0

(this sample)

FormBook

Executable exe 474af782fd84f7b982a4c49deeaf3431aeadd1e52528dc7dd8e3bb29bde9c40f

  
Dropping
MD5 641a91628f244dad6fa507b6e07e05b6
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 474af782fd84f7b982a4c49deeaf3431aeadd1e52528dc7dd8e3bb29bde9c40f

Comments