MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 17ebdcf24d8df79094c29ae2a35b1697a257711eeedd4b58e51844b9b3732f83. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 4



SHA256 hash: 17ebdcf24d8df79094c29ae2a35b1697a257711eeedd4b58e51844b9b3732f83
SHA3-384 hash: 25414c98f013957fd4b87f3c52d64c3ae0581b1ad4a06f97e7d61ec5917e6f999618230a60ad07bc3807c30bca596c7f
SHA1 hash: 3e6e5ea8516c4d1c064b9e86498ef14070f3e681
MD5 hash: 0ff7ba695ea725b1c413c1519c28e487
humanhash: lake-grey-robert-juliet
File name: Shipping Doc_Original BL, Invoice & Packing List.zip
Signature: Formbook
File size: 584'862 bytes
First seen: 2021-03-16 09:00:07 UTC
Last seen: 2021-03-29 11:36:06 UTC
File type: zip
MIME type: application/zip
ssdeep: 12288:PyjBEffw1lfpq8jcD38lGRn1OETMxns2Y8hzFfStik1PrjbjYaBK:PyFEHwo803r16sZ8hzF6iwzpK
TLSH: 35C4231C41FA2DBC62975593E1535FFD44D8B9B93A6F2E62E33A2A024FA1705CD8E042
Reporter: cocaman
Tags: DHL FormBook INVOICE zip


cocaman
Malicious email (T1566.001)
From: "DHL | Global Forwarding <dispatch@dhl.com>" (likely spoofed)
Received: "from dhl.com (unknown [217.146.81.124]) "
Date: "16 Mar 2021 08:37:41 +0100"
Subject: "RE: Telex Release - B/L PZU100002800 - lgpartner.ch"
Attachment: "Shipping Doc_Original BL, Invoice & Packing List.zip"

Intelligence


File Origin
# of uploads: 2
# of downloads: 112
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2021-03-16 09:01:05 UTC
File Type: Binary (Archive)
Extracted files: 84
AV detection: 14 of 47 (29.79%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 17ebdcf24d8df79094c29ae2a35b1697a257711eeedd4b58e51844b9b3732f83 (this sample)

Delivery method: Distributed via e-mail attachment
Dropping: Formbook
