MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8da1b6598e98a70f6e479a7a1f313285590efee38392f22d10c4dcf5f734272f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8da1b6598e98a70f6e479a7a1f313285590efee38392f22d10c4dcf5f734272f
SHA3-384 hash: 240c486db0ff28e9c598265ddd8edc6dad17ee542c8d547a1d02b5d4dc1248c272a0e71f335948af2304b7a4a8a5a2ff
SHA1 hash: 4d518b3fcb94a84cb24948e380cc10105f92fca4
MD5 hash: 452b898713c0ec3023916258a4244aea
humanhash: louisiana-friend-mars-early
File name:Doc 849.zip
Download: download sample
Signature FormBook
Create hunting rule
File size:263'058 bytes
First seen:2020-10-23 11:39:57 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:R+aNyX7QSYVtqRVrjBxaXoGBymGzzrs8dASl2AIVUk5Qcb:R+odJVtq1xagzA+A229Vj2cb
TLSH 574423D7E1176B406B9C7F383B4CEFA1E202C04A5A2B0C5F2FA56DD7887D5626520CE6
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: srv20009.hosting.claranet.es
Sending IP: 92.54.18.66
From: administration <Fatiha.Benwakrim@maghrebail.ma>
Reply-To: Fatiha <info@asguler.com.tr>
Subject: Paiement facture
Attachment: Doc 849.zip (contains "RRUY44091239.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
111
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.Generic-S.321.925.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8da1b6598e98a70f6e479a7a1f313285590efee38392f22d10c4dcf5f734272f/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-10-23 11:03:17 UTC
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=rwq3mwmotctq63shtj5b6mjsqvmq57xdqojpeliqytopl5zue4xq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8da1b6598e98a70f6e479a7a1f313285590efee38392f22d10c4dcf5f734272f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 8da1b6598e98a70f6e479a7a1f313285590efee38392f22d10c4dcf5f734272f

(this sample)

FormBook

Executable exe 7b55f6fa510718db214cc578df054de13177b21eb20194b87f97c477ffc572d5

  
Dropping
MD5 e7da398ad3d594a064e219632ef4f603
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7b55f6fa510718db214cc578df054de13177b21eb20194b87f97c477ffc572d5

Comments