MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4d20f678ab3bee880490759c7aec36f70d7cd98aaa9398fb734f64f12c24b81d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 4



SHA256 hash: 4d20f678ab3bee880490759c7aec36f70d7cd98aaa9398fb734f64f12c24b81d
SHA3-384 hash: 05655ef5b7816d6d601fd2fa0f58635ba127322ba4d01a59f77ae7566954338abcb7cf89b32321f3d46fd899082a1f6c
SHA1 hash: 828a7b0a6ca3c048a184b090f6da164164204b33
MD5 hash: 5bcdc6f4b8f2314b1bf3af5618b8806c
humanhash: beryllium-colorado-leopard-alpha
File name: Shipping Docs_pdf.rar
Signature: Formbook
File size: 1'096'228 bytes
First seen: 2021-01-19 17:53:18 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 24576:rmbJVoFefaXyL5hxqrnqxSLoKtyaVLQzcCGiEaF+Yt:6bJmeXl0qr+VsdEan
TLSH: EC3533F84FAEC6C9883D2F92B112DEB7D07CD03185D571545B2AAB4029CD418ABDC6ED
Reporter: abuse_ch
Tags: FormBook rar


abuse_ch
Malspam distributing Formbook:

HELO: host.cmxbd.com
Sending IP: 204.197.252.164
From: Gary Blowes <gary.blowes@britishmarine.com>
Subject: RE: Shipping Docs
Attachment: Shipping Docs_pdf.rar (contains "Shipping Docs_pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 193
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2021-01-19 17:54:06 UTC
AV detection: 7 of 44 (15.91%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Formbook
rar 4d20f678ab3bee880490759c7aec36f70d7cd98aaa9398fb734f64f12c24b81d (this sample)

Dropping: Formbook
Delivery method: Distributed via e-mail attachment
