MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 77d401eb243c0c9997895c96437e0707719af984b19ae50633bab957fe8212f5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 4



SHA256 hash: 77d401eb243c0c9997895c96437e0707719af984b19ae50633bab957fe8212f5
SHA3-384 hash: 0e896365548a18fc167a3d798c8da32ea129698fdaf0925503f05ab0d65106f3928048538cbeb6e3ba1522a042cc3b8a
SHA1 hash: 80048113ce2762117148c4fa181d5688c1a05727
MD5 hash: 3977ae64532d91a3b1d21835869becf9
humanhash: shade-utah-hot-yankee
File name: NEWORDER12082020.IMG
Signature: FormBook
File size: 1'245'184 bytes
First seen: 2020-08-12 18:10:12 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:WXeWJE2lsoZBbD03+l03+2LwezxLfWItFBFYx+WCKipI4nqhpIKj:aeUE2ldbD03+l03+2LLzxjWIFcCdIpI
TLSH: 5A45BF6473949973D27A7E31C9B7151403BBBC973939C30E6ACD32CE99313A94E107AA
Reporter: abuse_ch
Tags: Endurance FormBook img


abuse_ch
Malspam distributing FormBook:

HELO: 162-241-204-248.unifiedlayer.com
Sending IP: 162.241.204.249
From: AAVIS PHARMACEUTICALS <info@aavispharma.com>
Reply-To: info@aavispharma.com
Subject: ORDER08122020
Attachment: NEWORDER12082020.IMG (contains "invoice.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Wacatac
Status: Malicious
First seen: 2020-08-12 14:12:56 UTC
AV detection: 16 of 48 (33.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

img 77d401eb243c0c9997895c96437e0707719af984b19ae50633bab957fe8212f5

(this sample)

  
Dropping: FormBook
Delivery method: Distributed via e-mail attachment

Comments