MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 086142d4e0593e61405d81c6728018793300716e78c2565eec6fac3291d5ae77. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 086142d4e0593e61405d81c6728018793300716e78c2565eec6fac3291d5ae77
SHA3-384 hash: 1ef941149b8b350c02e8f40a4fe82c6b8f84869b1afa5329fb851d40975cde3782e39601b7e5fd91b8286c4ef129f6b3
SHA1 hash: ee93b383487125b06c28e4d0b2e14a4f59091ce0
MD5 hash: 86a2f9ec7adc3097e7799827c95a8e4c
humanhash: bluebird-sixteen-north-magnesium
File name:PO-5820 DRSS 1002935014-10-DTH.rar
Download: download sample
Signature FormBook
Create hunting rule
File size:245'742 bytes
First seen:2020-06-06 10:17:15 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:Ct9o8bN7BwLLb5QqFSZ67omn0A1eJC7flf7jHvrHC:ybD4Z7ZEYVvrHC
TLSH FD3423DBAD4A24F7C26FD7EA313089C240BB20C52A96DF1D208C5E6E0D2B1459A5F57F
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: slot0.hoss-mecyberia.com
Sending IP: 45.95.169.170
From: J.AlSubhi <info@hoss-mecyberia.com>
Subject: fwd: Urgent request for quotation
Attachment: PO-5820 DRSS 1002935014-10-DTH.rar (contains "PO-5820 DRSS# 1002935014-10-DTH.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27572.Rar5Heur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-06-06 10:18:08 UTC
AV detection:
4 of 48 (8.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bbqufvhale7gcqc5qhdhfaaypezqa4lopdbfmxxmn6wdfeovvz3q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 086142d4e0593e61405d81c6728018793300716e78c2565eec6fac3291d5ae77

(this sample)

FormBook

Executable exe 31e66c356ca1daf6f2c3965c1c2f9356eda89a8423cbd1b33240b2c8b4abf20c

  
Dropping
MD5 dccae05e3d41143f100a3daf4b5b2732
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 31e66c356ca1daf6f2c3965c1c2f9356eda89a8423cbd1b33240b2c8b4abf20c

Comments