MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 55e112824b2b5ab36c8bee4b5653f0a08403e1daf0e32211e5436fd5545a6bda. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 55e112824b2b5ab36c8bee4b5653f0a08403e1daf0e32211e5436fd5545a6bda
SHA3-384 hash: 5ebc4268da11b6ab23023281359f5a5b5b6ba15b5ee18a5470611a92fcae099f3149c9ba105b66039cc24009708d3b4c
SHA1 hash: 9ccd7fda14d379608d215dfbb56ba76d4249abe9
MD5 hash: 26042ee1d98ebd0a692b5fd798e800b9
humanhash: pasta-blossom-nineteen-oklahoma
File name:TR_008 Purchase Order.iso
Download: download sample
Signature Formbook
Create hunting rule
File size:847'872 bytes
First seen:2020-10-09 06:10:16 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:nqOkbtgxFka6c9ntitV/0NvLF2n33HfBZXfeJj9CFpaSe3iLgu1VUk5u6PEOQWdf:ntxOjc9nItVsVF23LeUp+3ijck5
TLSH 46059DAC325075EFC95BC876CEA82C64EA117477531BD203A06B16AD9E0DA9BCF141F3
Reporter abuse_ch
Tags:FormBook iso


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: host.kroser.com.uy
Sending IP: 162.211.86.3
From: Hangzhou Zhejiang Co., Ltd. <sales@technorexco.com>
Subject: RFQ # Q20182401 // ORDER_N ° 10014 // New_Suppliers_Ord er / [OCT-DEC]
Attachment: TR_008 Purchase Order.iso (contains "TR_008 Purchase Order.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/55e112824b2b5ab36c8bee4b5653f0a08403e1daf0e32211e5436fd5545a6bda/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-10-09 01:39:23 UTC
AV detection:
10 of 48 (20.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=kxqrfaslfnnlg3el5zfvmu7quccahyo26drseepfinx5kvc2npna._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/55e112824b2b5ab36c8bee4b5653f0a08403e1daf0e32211e5436fd5545a6bda

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

iso 55e112824b2b5ab36c8bee4b5653f0a08403e1daf0e32211e5436fd5545a6bda

(this sample)

Formbook

Executable exe 1ebd02f5868d1d9320e811ab81f392e6b2e4d8c9daf8e4d3b254d7aa054db784

  
Dropping
MD5 b3bf6b0f34dc19c7f86ab51e0b882b3b
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1ebd02f5868d1d9320e811ab81f392e6b2e4d8c9daf8e4d3b254d7aa054db784

Comments