MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 51f39276d8381ef6e8b2111be5a1316d9a9c9afa990405fbf1e7ee51bfb640f4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: 51f39276d8381ef6e8b2111be5a1316d9a9c9afa990405fbf1e7ee51bfb640f4
SHA3-384 hash: 0a004f05fc19633d7b72aa9caa3bb9801996e12966599694382d9b964ec15723caa056c1a801c8a92a4be98a1c49cda5
SHA1 hash: b56ded660b0448e48b1891a03b3e3ebbe8c62fa0
MD5 hash: 15778ad45b5ca1ea72fce5f5a3bb7b2c
humanhash: foxtrot-fix-angel-berlin
File name: MEDIFORM S.A COMPANY PROFILE DETAILS.xls.7z
Signature: Formbook
File size: 628'339 bytes
First seen: 2020-10-14 15:38:59 UTC
Last seen: Never
File type: 7z
MIME type: application/x-rar
ssdeep: 12288:goIZi38863kyl2Jt3uJgqJGCZYZbECnX1jeTxT3LPYjxmu1JNKfu+z:zd07wz3zqJX+znX1KT7KxvK1z
TLSH: FBD423B38A49D8F6887516D03672CD6382F92B91C4BEC68F601BF498403D56FE6C5B87
Reporter: abuse_ch
Tags: 7z, FormBook


abuse_ch
Malspam distributing Formbook:

HELO: desar.xyz
Sending IP: 67.205.150.177
From: Mediform S.A<mediform.s.a@hotmail.com>
Subject: Re: Request For New Inquiry RFQ
Attachment: MEDIFORM S.A COMPANY PROFILE DETAILS.xls.7z (contains "MEDIFORM S.A COMPANY PROFILE DETAILS.xls.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 84
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-10-14 00:13:43 UTC
AV detection: 13 of 48 (27.08%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

7z 51f39276d8381ef6e8b2111be5a1316d9a9c9afa990405fbf1e7ee51bfb640f4 (this sample)

Dropping: Formbook
Delivery method: Distributed via e-mail attachment
