MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5a865b8edb83f6a2a367af5b1cd56be61013d05cb316016cd5c517440e9cac83. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 5



SHA256 hash: 5a865b8edb83f6a2a367af5b1cd56be61013d05cb316016cd5c517440e9cac83
SHA3-384 hash: 2d0409e5d38b8216aa62de934e8368af84c80f03da5c5eb6215b002cab645a89970ca1ce348bde4fa8b54cce6c90fcd5
SHA1 hash: e46aad4617300f4403790dea65a33c3f5317b6be
MD5 hash: 5f50303a0a62ff1269c5b5347b11119b
humanhash: angel-lactose-five-zebra
File name: Shipping Docs_Original BL, Invoice & Packing List.zip
Signature: Formbook
File size: 806'189 bytes
First seen: 2021-03-17 12:43:45 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:in79v4p8iIoybRWK+Xyesj4ldohWv7GhIfQdyb6LKkpqw6dzN:ip4DjyAK+XyepbpvlQybaKkZ4
TLSH: A10533B506A90A6B8F112795C3C9BC0F947F696B6BBB543C3905F0CBB8DD6FC4082944
Reporter: cocaman
Tags: DHL FormBook INVOICE zip


cocaman
Malicious email (T1566.001)
From: "DHL | Global Forwarding <dispatch@dhl.com>" (likely spoofed)
Received: "from dhl.com (unknown [217.146.81.124]) "
Date: "17 Mar 2021 13:22:23 +0100"
Subject: "RE: Telex Release - B/L PZU100002800 - lgpartner.ch"
Attachment: "Shipping Docs_Original BL, Invoice & Packing List.zip"

Intelligence


File Origin
# of uploads: 1
# of downloads: 128
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2021-03-17 12:44:07 UTC
File Type: Binary (Archive)
Extracted files: 26
AV detection: 11 of 47 (23.40%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 5a865b8edb83f6a2a367af5b1cd56be61013d05cb316016cd5c517440e9cac83

(this sample)

Delivery method: Distributed via e-mail attachment
Dropping: Formbook
