MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4e11cbd2ff05875fccdb87ebacdb455c85a86a157332e598d788108fe3c3d13b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4e11cbd2ff05875fccdb87ebacdb455c85a86a157332e598d788108fe3c3d13b
SHA3-384 hash: 060c0414296d030a44c3ff2d39d6fb5c757e8285a1a1b06e2b45a925c242e4ce273c65362ffab3e06ebc33b9131e900f
SHA1 hash: b5b926761b7640bc6251308178671827ebe3b106
MD5 hash: 2051eb7553824619a9e682537f4df643
humanhash: indigo-beryllium-jupiter-artist
File name:Order specs19.11.20.pdf.img
Download: download sample
Signature Formbook
Create hunting rule
File size:1'441'792 bytes
First seen:2020-11-19 06:49:09 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:ebkNnMdUO4rvcMZKwangiFPWY/mnM44ZVA0hj+22etupDboQcNdhVACRYeK8LX:r6j4rvrKwang6WCxVA0dOGMDvcNdMX
TLSH 29659E5FA1A0483FE03316389C1B5BA46AF5BD50EDB46C462BE83D086F7919274172BF
Reporter abuse_ch
Tags:FormBook img


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: mx01.deltacity.net
Sending IP: 91.190.227.188
From: HBEC Thailand <info@www.hbec-thailand.com>
Reply-To: <commercial.rlavel@gmail.com>
Subject: ORDER ENQUIRY
Attachment: Order specs19.11.20.pdf.img (contains "Order specs19.11.20.scr")

Intelligence

File Origin
# of uploads :
1
# of downloads :
94
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4e11cbd2ff05875fccdb87ebacdb455c85a86a157332e598d788108fe3c3d13b/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-11-19 06:50:06 UTC
AV detection:
14 of 48 (29.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jyi4xux7awdv7tg3q7v2zw2flsc2q2qvomzolggxraii7y6d2e5q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

img 4e11cbd2ff05875fccdb87ebacdb455c85a86a157332e598d788108fe3c3d13b

(this sample)

Formbook

Executable exe 53425ac47307e7d6e98deae06742bfebdade503bf6e48766a84ea52a3045f3a8

  
Dropping
MD5 f5ffaae6be1c826e53cbd033f83d5c8e
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 53425ac47307e7d6e98deae06742bfebdade503bf6e48766a84ea52a3045f3a8

Comments