MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0bfa310e60d8532c1f0582d003cb59b91adaad1952be182f67f35648bede02c2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 4



SHA256 hash: 0bfa310e60d8532c1f0582d003cb59b91adaad1952be182f67f35648bede02c2
SHA3-384 hash: 46854860c078fcb42878ea9b4ef3a1f677649a730a511acbd719d93e3df20321d5dcf4be0649695211d4ac93989b1816
SHA1 hash: f19eec6ef21c37fe9058b529683d0cf744f680fc
MD5 hash: b09750504e929c4fcda052ca8743229a
humanhash: arkansas-hydrogen-pip-colorado
File name: Feedback Clarifications, Pictures, Techinical drawings and corrections with companys SPECIFICATIONS.
Signature: Formbook
File size: 1'245'184 bytes
First seen: 2020-08-14 09:17:46 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 6144:7gyHJYnLM4A7mzr92oD2dOhI1S5sL0VOk96kADls:7gZLzQmzrooDQOhJ5scd
TLSH: 0D45F0A263C75522D23C253E8662930402F097094523EB1BF99F1FA77F53BED6A216CD
Reporter: abuse_ch
Tags: FormBook


abuse_ch
Malspam distributing unidentified malware:

HELO: imsantv71.netvigator.com
Sending IP: 210.87.250.171
From: Charlotte Lai <kklo@laford.com.hk>
Subject: RE:RE:RE: Laford Procurement (Media Files) Order Request
Attachment: Feedback Clarifications, Pictures, Techinical drawings and corrections with companys SPECIFICATIONS. (contains "Quotation.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Wacatac
Status: Malicious
First seen: 2020-08-14 09:19:07 UTC
AV detection: 5 of 48 (10.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam | Formbook | iso 0bfa310e60d8532c1f0582d003cb59b91adaad1952be182f67f35648bede02c2 (this sample)

Delivery method: Distributed via e-mail attachment
