MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 86a0cb29def7ff5d08983191bcadced97f42b89a336f56d1351ec93ffb5964d8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	86a0cb29def7ff5d08983191bcadced97f42b89a336f56d1351ec93ffb5964d8
SHA3-384 hash:	61843d9ee329af9d9ec220cbc4ea38c838ad5cba1450aa5d7405984ea08c678ae3e97606e23fb6ced8c12cf433e052b5
SHA1 hash:	7974c7eecb90c426297d1d18cce8493dc8015bc1
MD5 hash:	f1f8bd8cbd6d4035d741c6a2f43afa57
humanhash:	freddie-early-shade-seventeen
File name:	CC0095_8121AD5372-pdf.arj
Download:	download sample
Signature	Formbook Create hunting rule
File size:	746'170 bytes
First seen:	2021-03-01 07:26:16 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	12288:Jyu8yrxyQmYTlh1RnHolXQcy6h3EtgdnM3QwbltrvADN6UZaAHV6Uwu4kpgFzN/b:JyuF/5TlhfnOQFZtgdM3ptbaXkA0Uwuu
TLSH	35F423F4F3AF7F14CD6D643568C52C82F985E3581609AEAD21DEABE5742847C282C2DC
Reporter	abuse_ch
Tags:	arj

abuse_ch

Malspam distributing unidentified malware:

HELO: host.efdi.gr
Sending IP: 95.216.225.51
From: info@dyestuff.gr
Subject: Phone call - Invoice follow up
Attachment: CC0095_8121AD5372-pdf.arj (contains "payment slip_pdf.exe")

Intelligence

File Origin

# of uploads :

1

# of downloads :

102

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Foxhole.Zip_badexts14.UNOFFICIAL

Sanesecurity.Malware.21668.ZipHeur.UNOFFICIAL

Sanesecurity.Malware.25815.ZipHeur.BadExt.UNOFFICIAL

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/86a0cb29def7ff5d08983191bcadced97f42b89a336f56d1351ec93ffb5964d8/

Threat name:

ByteCode-MSIL.Trojan.Wacatac

Status:

Malicious

First seen:

2021-03-01 07:27:10 UTC

AV detection:

16 of 48 (33.33%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=q2qmwko6677v2ceyggi3zloo3f7ufoe2gnxvnujvd3et762zmtma._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.35

Link:

https://yomi.yoroi.company/submissions/86a0cb29def7ff5d08983191bcadced97f42b89a336f56d1351ec93ffb5964d8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 86a0cb29def7ff5d08983191bcadced97f42b89a336f56d1351ec93ffb5964d8

(this sample)

exe 962717277827f35c7e785410f493c8adb708a13fb16717a29c3b01b2edcb35ac

Dropping

MD5 f53e1196aaea376f8dc81bf2776e7d2e

Delivery method

Distributed via e-mail attachment

Dropping

SHA256 962717277827f35c7e785410f493c8adb708a13fb16717a29c3b01b2edcb35ac

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample