MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 54d9fc4ff1df7eb95ceaf06e91ab49d2fbf41d285340764c278c22ae19f24b3a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 54d9fc4ff1df7eb95ceaf06e91ab49d2fbf41d285340764c278c22ae19f24b3a
SHA3-384 hash: 539c8d344b4b1e320ba914042ff14e3fe321967e0008e952538d906e58ae9bbfa565273bbb080fff172c8f3cd235b199
SHA1 hash: e8dc80b4f0fdda914fa38659e1335b95c3efcd03
MD5 hash: 081d227fba5ee595967879069da8e748
humanhash: sweet-michigan-beer-rugby
File name:PO2364FD212002.rar
Download: download sample
Signature Formbook
Create hunting rule
File size:551'951 bytes
First seen:2021-01-18 08:25:10 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:DAK/iNQNdpOdwogr2EfXggvKwd5WOm6Wexd+RJbkfk40:ZKKpO+og2wwgvKNIWbIX0
TLSH E5C4339C6576A0E66FDD520A8177EC8DF28CEB447ABFB1A2DC84628D71C5C33C24580B
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: cbdjo.cam
Sending IP: 111.90.159.32
From: Jina <export@neolens.co.kr>
Reply-To: info@neolens.co.kr
Subject: RE: PO2364#FD212002
Attachment: PO2364FD212002.rar (contains "PO2364#FD212002.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
107
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/54d9fc4ff1df7eb95ceaf06e91ab49d2fbf41d285340764c278c22ae19f24b3a/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-01-18 08:26:08 UTC
AV detection:
11 of 46 (23.91%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ktm7yt7r357lsxhk6bxjdk2j2l57ihjiknahmtbhrqrk4gpsjm5a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/54d9fc4ff1df7eb95ceaf06e91ab49d2fbf41d285340764c278c22ae19f24b3a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar 54d9fc4ff1df7eb95ceaf06e91ab49d2fbf41d285340764c278c22ae19f24b3a

(this sample)

Formbook

Executable exe 178ab8c2af1c8e5a0782d79d4910efc280b6fcd1213d84cf5899d28ba232bfaa

  
Dropping
MD5 c3298c6e18313176495e56d22f45518c
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 178ab8c2af1c8e5a0782d79d4910efc280b6fcd1213d84cf5899d28ba232bfaa

Comments