MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8f5ea6573b223f074be48820eac2989ca07316be6ca7353ef7efe43a39f592c5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 4



SHA256 hash: 8f5ea6573b223f074be48820eac2989ca07316be6ca7353ef7efe43a39f592c5
SHA3-384 hash: d784375571264578ab346a2d662060d8bd71bccac3f17eef3403649eca4e6a897d98eaf28feac632896a6c6db4c795ec
SHA1 hash: 17ee7c7748348a97d7db3315122a5db36ae2aa75
MD5 hash: aa3c633f5ec33175bddca80e63191bd1
humanhash: alabama-comet-robin-high
File name: Mv Maersk Kleven V949E_pdf.gz
Signature: Formbook
File size: 685'392 bytes
First seen: 2021-01-14 06:58:26 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:IlhiH6VIBfPBntGQ4B/bfrSckRAc3254BvFctP0/lb0J29XFR80nC7nBHV:pPx4Q4crRNKSFIW19Xv80C7BHV
TLSH: 7BE433160C9F5416B7EACC7C5060FE4B282FBDAE28C819DCE4E9C909640E75394EBE19
Reporter: abuse_ch
Tags: FormBook gz Maersk


abuse_ch
Malspam distributing Formbook:

HELO: vm4983.aproweb.it
Sending IP: 217.64.205.19
From: A.P. Moller - Maersk <info@hoteldaltavilla.it>
Subject: RE : RE : URGENT!!! 2 x 20ft - SHIPPING DOC BL,SI,INV#462345 // MAERSK KLEVEN V.949E // CLGQOE191781 //
Attachment: Mv Maersk Kleven V949E_pdf.gz (contains "Mv Maersk Kleven V949E_pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 120
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2021-01-14 06:59:08 UTC
AV detection: 15 of 46 (32.61%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 8f5ea6573b223f074be48820eac2989ca07316be6ca7353ef7efe43a39f592c5 (this sample)

Dropping: Formbook
Delivery method: Distributed via e-mail attachment
