MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 086142d4e0593e61405d81c6728018793300716e78c2565eec6fac3291d5ae77. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 3



SHA256 hash: 086142d4e0593e61405d81c6728018793300716e78c2565eec6fac3291d5ae77
SHA3-384 hash: 1ef941149b8b350c02e8f40a4fe82c6b8f84869b1afa5329fb851d40975cde3782e39601b7e5fd91b8286c4ef129f6b3
SHA1 hash: ee93b383487125b06c28e4d0b2e14a4f59091ce0
MD5 hash: 86a2f9ec7adc3097e7799827c95a8e4c
humanhash: bluebird-sixteen-north-magnesium
File name: PO-5820 DRSS 1002935014-10-DTH.rar
Signature: FormBook
File size: 245'742 bytes
First seen: 2020-06-06 10:17:15 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:Ct9o8bN7BwLLb5QqFSZ67omn0A1eJC7flf7jHvrHC:ybD4Z7ZEYVvrHC
TLSH: FD3423DBAD4A24F7C26FD7EA313089C240BB20C52A96DF1D208C5E6E0D2B1459A5F57F
Reporter: abuse_ch
Tags: FormBook rar


abuse_ch
Malspam distributing FormBook:

HELO: slot0.hoss-mecyberia.com
Sending IP: 45.95.169.170
From: J.AlSubhi <info@hoss-mecyberia.com>
Subject: fwd: Urgent request for quotation
Attachment: PO-5820 DRSS 1002935014-10-DTH.rar (contains "PO-5820 DRSS# 1002935014-10-DTH.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-06-06 10:18:08 UTC
AV detection: 4 of 48 (8.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 086142d4e0593e61405d81c6728018793300716e78c2565eec6fac3291d5ae77 (this sample)

Dropping: FormBook
Delivery method: Distributed via e-mail attachment

Comments