MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4eabda3c4724724846da9d8ef11e185522be88b9a2a66e5cf81912938d5b6f6b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: 4eabda3c4724724846da9d8ef11e185522be88b9a2a66e5cf81912938d5b6f6b
SHA3-384 hash: 6037c47c9485a8e124f0ed1c6694ce1d175404096e43ccd8d9a842a8c2ac877fa9c40747b6710c7de5454cb332dd72db
SHA1 hash: 713ed3a22c3ee0ba79b2a889cf2c734a15475f19
MD5 hash: c138a88f7ab7dcc6dae06763e55fb6d4
humanhash: harry-crazy-nine-potato
File name: 770005.r00
Signature: Formbook
File size: 848'842 bytes
First seen: 2020-08-18 10:59:42 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 12288:ZavtfFCJqSAsynDes4vfzPorRuWT/1ItO3UMAETSt8p3P1MZySqX3JWOCw3HBkEC:ZC1rNCFcRr/sIlAEfPeZyCOt0f5Oi
TLSH: EE0533108404FD627C908C5DC7A3782C11FB9951DF28B17A3F8AE21DAD3775A67C2E6A
Reporter: abuse_ch
Tags: FormBook r00


abuse_ch
Malspam distributing unidentified malware:

HELO: swn0.721.zazomika.ml
Sending IP: 178.62.210.203
From: Jose Sanchez Calanche <merchandiser2@gemtexltd-bd.com>
Subject: Transmission Approved
Attachment: 770005.r00 (contains "770005.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 56
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-08-18 11:01:07 UTC
AV detection: 16 of 29 (55.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

r00 4eabda3c4724724846da9d8ef11e185522be88b9a2a66e5cf81912938d5b6f6b (this sample)

Delivery method: Distributed via e-mail attachment

Comments