MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1f1787cae61d24e9c6ad9baa35219d66b2c67973d43286b44cd07b5673d4bd62. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1f1787cae61d24e9c6ad9baa35219d66b2c67973d43286b44cd07b5673d4bd62
SHA3-384 hash: ab29200590ce667745f98a54211e9f024d1341db0adb633fb7ebe06fed162b684b792dd126aed76a9b3374a0e351e566
SHA1 hash: 1f9b8514d7a39ee5ad153fbb71d554f1b2bea7ad
MD5 hash: 7d12b3f345b5a69c742a0ff9d356a855
humanhash: kitten-quebec-oxygen-sixteen
File name:банковский перевод pdf.zip
Download: download sample
Signature Formbook
Create hunting rule
File size:506'917 bytes
First seen:2021-04-08 16:43:37 UTC
Last seen:2021-04-08 16:54:36 UTC
File type: zip
MIME type:application/zip
ssdeep 12288:2M4uwsWD/79OUVbxR99znpGz0ebpdpQObAcC50sxa:rLwtNVbpGzbbXpQQkbc
TLSH 60B423A433A80ACB4F48FC58F461E62028DD2F5B915958975DF13DDAB30EF2F4A22E51
Reporter cocaman
Tags:zip


Avatar
cocaman
Malicious email (T1566.001)
From: "pegas-1961@mail.ru" (likely spoofed)
Received: "from mail.kultura.by (unknown [93.125.22.95]) "
Date: "Fri, 09 Apr 2021 04:38:53 +1200"
Subject: "=?UTF-8?Q?RE=3A_=D0=B1=D0=B0=D0=BD=D0=BA=D0=BE=D0=B2=D1=81=D0=BA?= =?UTF-8?Q?=D0=B8=D0=B9_=D0=BF=D0=B5=D1=80=D0=B5=D0=B2=D0=BE=D0=B4?="
Attachment: "банковский перевод pdf.zip"

Intelligence

File Origin
# of uploads :
3
# of downloads :
194
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_pdf.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Trojan.PackedNET.634-1.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/1f1787cae61d24e9c6ad9baa35219d66b2c67973d43286b44cd07b5673d4bd62
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1f1787cae61d24e9c6ad9baa35219d66b2c67973d43286b44cd07b5673d4bd62/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-04-08 16:44:55 UTC
AV detection:
18 of 48 (37.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=d4lypsxgdusotrvntovdkim5m2zmm6lt2qzinncm2b5vm46uxvra._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Formbook
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1f1787cae61d24e9c6ad9baa35219d66b2c67973d43286b44cd07b5673d4bd62

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 1f1787cae61d24e9c6ad9baa35219d66b2c67973d43286b44cd07b5673d4bd62

(this sample)

Formbook

Executable exe 91a4088de46853519f714462e98f3f8abd09ca5c71903639083cc3e1036a8406

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 91a4088de46853519f714462e98f3f8abd09ca5c71903639083cc3e1036a8406

Comments