MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3f2fde248e872893e40029672e4f2cfa5530b048fd9a1a5ae3ce1c6acda70dbe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 5



SHA256 hash: 3f2fde248e872893e40029672e4f2cfa5530b048fd9a1a5ae3ce1c6acda70dbe
SHA3-384 hash: 44e0891bdea5a441ef69bf6fd69137ddcadf237ebe7302683e4aee18b3a511fa855b24079efc766e52255a03c5af094b
SHA1 hash: bacfe08fa4f30e380294f667d0a9fe7499b35d19
MD5 hash: 0a31675ac7b7777672adbeb60afcf86b
humanhash: hamper-butter-robert-mango
File name: DK Purchase Order 2021 - 00041.zip
Signature: Formbook
File size: 550'132 bytes
First seen: 2021-03-22 06:09:07 UTC
Last seen: 2021-03-29 15:07:22 UTC
File type: zip
MIME type: application/zip
ssdeep: 12288:iO8f0H4HzYWjQK9AUB0wUEpQacazGbyfj0X/VHE:qBkKqA0e/z2yfYX/xE
TLSH: 1AC42321361AEED775E36F34C7B268E302DEE7A942861F0DE009277592D0543327B792
Reporter: cocaman
Tags: zip


cocaman
Malicious email (T1566.001)
From: "Ainun K.<purchases@ec1.evergrown.com>" (likely spoofed)
Received: "from ec1.evergrown.com (unknown [217.146.88.165]) "
Date: "22 Mar 2021 05:39:07 +0100"
Subject: "ORDER DKL21-00041 "
Attachment: "DK Purchase Order 2021 - 00041.zip"

Intelligence


File Origin
# of uploads: 3
# of downloads: 87
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2021-03-22 06:10:08 UTC
File Type: Binary (Archive)
Extracted files: 39
AV detection: 7 of 47 (14.89%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 3f2fde248e872893e40029672e4f2cfa5530b048fd9a1a5ae3ce1c6acda70dbe (this sample)

Delivery method: Distributed via e-mail attachment

Comments