MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6e04abf32af2acf3b61e1c06aa54441f08a071cdd924697b96b492eaf19b32b1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6e04abf32af2acf3b61e1c06aa54441f08a071cdd924697b96b492eaf19b32b1
SHA3-384 hash: 20b10582733fab0ea686f05263055ed93bce2c2fd749dd9240aae6016e56478c093f3fa7036c90ce7b411f09510f586f
SHA1 hash: 862d2d3df7ddffb3796fff87244f643b6822048d
MD5 hash: 27119583c20f6946f1ae76a989f34ca1
humanhash: quebec-blossom-xray-princess
File name:Payment_Advice.zip
Download: download sample
Signature Formbook
Create hunting rule
File size:825'753 bytes
First seen:2021-04-06 05:29:03 UTC
Last seen:2021-04-06 16:41:59 UTC
File type: zip
MIME type:application/zip
ssdeep 12288:ka/W+XhtPqA0QUWSgWmG3X8ZOktRe0DxpFKzAzdTubkqycBRheQ+Krl+s+5VgB+C:pnxtqQXLBWDktD3d6bkqNRhhX+1NRQ
TLSH BB05232DCB48BE93C7B4C9E88CFE781DC4C9DD7328A49D4D908AE245A85AB137941377
Reporter cocaman
Tags:HSBC zip


Avatar
cocaman
Malicious email (T1566.001)
From: "HSBC Advising Service<advising.service@mail.com>" (likely spoofed)
Received: "from mail.com (unknown [217.146.88.165]) "
Date: "05 Apr 2021 20:33:15 +0200"
Subject: "=?UTF-8?B?UGF5bWVudCBBZHZpY2UgLSBBZHZpY2UgUmVmOltHTFYyMTc5NTAwMTBdIC8gUHJpb3JpdHkgcGF5bWVudCAvIEN1c3RvbWVyIFJlZjpbMjA5VFJBUEEwMDA5OTE2M10gIOS7mOasvumAmuefpeabuCAtIOmAmuefpeabuOWPg+iAg+e3qOiZnyBSZWY6W0dMVjIxNzk1MDAxMF0gLyBQcmlvcml0eSBwYXltZW50IC8g5a6i5oi25Y+D6ICD57eo6Jmf77yaWzIwOVRSQVBBMDAwOTkxNjNdIA==?="
Attachment: "Payment_Advice.zip"

Intelligence

File Origin
# of uploads :
2
# of downloads :
104
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_fn55.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.20794.ZipHeur.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/6e04abf32af2acf3b61e1c06aa54441f08a071cdd924697b96b492eaf19b32b1
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6e04abf32af2acf3b61e1c06aa54441f08a071cdd924697b96b492eaf19b32b1/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-04-06 05:30:09 UTC
File Type:
Binary (Archive)
Extracted files:
34
AV detection:
12 of 48 (25.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=nyckx4zk6kwphnq6dqdkuvced4eka4on3esgs64wwsjov4m3gkyq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6e04abf32af2acf3b61e1c06aa54441f08a071cdd924697b96b492eaf19b32b1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 6e04abf32af2acf3b61e1c06aa54441f08a071cdd924697b96b492eaf19b32b1

(this sample)

Formbook

Executable exe 9269d3cadb8c6197fa6d8cc93549e8f13db426b0b7d84f45923f24e99c429aee

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9269d3cadb8c6197fa6d8cc93549e8f13db426b0b7d84f45923f24e99c429aee

Comments