MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5878b78f1219747c8f82913ba0d6b78664d24187b5d2f31dbf4141bc2f1ada29. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 5

SHA256 hash: 5878b78f1219747c8f82913ba0d6b78664d24187b5d2f31dbf4141bc2f1ada29
SHA3-384 hash: a1c7dbf854cfe36ed8e2af891755afb6ea36ce5c6c87cbfd2da3f642859eb9e46c11181160f62ae52e21bfd781910d14
SHA1 hash: b2f2f85b8c56fa3d8362d7bb87b18f08ac6555f2
MD5 hash: ed2c0f3e5a2508b6ca83c5e647371332
humanhash: bulldog-timing-wolfram-sierra
File name: PO_JAN907092941_BARYSLpdf.arj
Signature: Formbook
File size: 522'480 bytes
First seen: 2021-01-18 08:01:09 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:whmZBJPHhVO2qqxhWAP8hX3X9KIDvdux75KFBn56e+:whmZBJ/iqLDYdrDFeFKFF8e+
TLSH: 59B42396E47C3D603A2BD4ECF8244AB73A92115D6BCC9B160713B7E4FBCD0F44AA2156
Reporter: abuse_ch
Tags: arj FormBook


abuse_ch
Malspam distributing Formbook:

HELO: cpanel3.centrin.net.id
Sending IP: 202.146.241.47
From: Barysl Logistics <acctg@baryslogs.com>
Reply-To: acctg@baryslogs.com
Subject: Re: Re: BARYSL/CHEVEUX /PO#092941 /NYC/
Attachment: PO_JAN907092941_BARYSLpdf.arj (contains "PO_JAN907#092941_BARYSLpdf.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 98
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2021-01-18 08:01:18 UTC
AV detection: 9 of 46 (19.57%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam: Formbook
  zip 5878b78f1219747c8f82913ba0d6b78664d24187b5d2f31dbf4141bc2f1ada29 (this sample)
Dropping: Formbook
Delivery method: Distributed via e-mail attachment
