MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 203442a7d79acade8606dfed5062a122c12e990e61df313522846602a7bd4005. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 4



SHA256 hash: 203442a7d79acade8606dfed5062a122c12e990e61df313522846602a7bd4005
SHA3-384 hash: bee05a4ca8dc98e510e1e05696681a740dcfd7c15849b7cc9422fa43beab81215b69cc96ad29ef06e43e91e3f3da53af
SHA1 hash: 433f2fdd5fdd21349064d21427d409cac0c356d6
MD5 hash: 664f7a3e8994e99dcd28e87d94bfb47d
humanhash: oscar-alaska-seven-nitrogen
File name: GOLvTSVQTD8nam7.rar
Signature: Formbook
File size: 720'021 bytes
First seen: 2021-01-11 09:11:09 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:I+0JNORITJd+HK/7OJlmVMLaR4m7dcOakNrEpsg1muJyw7vzUaZvc0GzL1qB:+JImd+1JYSLa2m5cSN0z1muJywEAvc0H
TLSH: 5EE42382C68688125E6722F7DE8C053D54BEB51DAFB15453679B5B0EBDA1E60FC230F0
Reporter: abuse_ch
Tags: rar


abuse_ch
Malspam distributing unidentified malware:

HELO: mail2.hostek.it
Sending IP: 89.31.72.48
From: OCEAN MARINE SERVICES CO.,LTD <sales@oceanma.com>
Subject: MV S-BRILLIANT, BRIL/40/20, INQUIRY
Attachment: GOLvTSVQTD8nam7.rar (contains "GOLvTSVQTD8nam7.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 135
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: SUSPICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: Win32.PUA.Wacapew
Status: Malicious
First seen: 2021-01-11 09:12:13 UTC
AV detection: 7 of 46 (15.22%)
Threat level: 1/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar 203442a7d79acade8606dfed5062a122c12e990e61df313522846602a7bd4005 (this sample)

Delivery method: Distributed via e-mail attachment
