MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7a5d2c11295177b01b3ce892b63e5440efd493385d2b93956df2f1497ad758e3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7a5d2c11295177b01b3ce892b63e5440efd493385d2b93956df2f1497ad758e3
SHA3-384 hash: 55bfc3ecff2f27846422af1b694d34b8acf4ce9436a958e79d43683cdc92824d088576fd43b2a0a864562d6cc0ce6a74
SHA1 hash: 1d019ceba07f0e33af3a7ea1b5fb5db4985a6a3a
MD5 hash: f8d5dd20427843caeb6a81fc38efaf59
humanhash: orange-september-timing-delaware
File name:DEBIT NOTE DB-1130.zip
Download: download sample
Signature Formbook
Create hunting rule
File size:483'775 bytes
First seen:2020-11-18 12:23:07 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:+8v7kgkUyibz4mWUALrhtKR1/BrrqQY863KkH4J:p7kdBLrKR1JHqH883YJ
TLSH 1BA423EB42541F0BB2AA4C668D873E083E810DDC69D042CEDF92D1AA9DFD5BC1CD6525
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: iqum.mx
Sending IP: 67.227.222.135
From: Jenny Jiang<Jenny.Jiang@bmo.com>
Subject: Payment advice for victim-domain
Attachment: DEBIT NOTE DB-1130.zip (contains "DEBIT NOTE DB-1130.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
105
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7a5d2c11295177b01b3ce892b63e5440efd493385d2b93956df2f1497ad758e3/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-11-18 12:24:04 UTC
AV detection:
14 of 48 (29.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pjosyejjkf33agz45cjlmpsuidx5jezyluvzhfln6lyus6wxldrq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 7a5d2c11295177b01b3ce892b63e5440efd493385d2b93956df2f1497ad758e3

(this sample)

Formbook

Executable exe f78a1ebc98a1c1482564cc64a7d10ba7c1ed03591b8cebeba72f27df590dd57d

  
Dropping
MD5 cd37a850eaf5df658cb98d0963efaee0
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f78a1ebc98a1c1482564cc64a7d10ba7c1ed03591b8cebeba72f27df590dd57d

Comments