MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 94437e2ce2954ffebd092a0688234de000e19a8d04631ba2a3675f2362e4bbc7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 94437e2ce2954ffebd092a0688234de000e19a8d04631ba2a3675f2362e4bbc7
SHA3-384 hash: 32babaf46059c199be0784ea689496afc3b4078ef599789ac390fa82b322b3944f24e226d1903cf768a40bb72246b383
SHA1 hash: 452920afe1ff656e448fa57a1b32271870ad1461
MD5 hash: dd383d983dd0c2f07cc8c9b3aa16db16
humanhash: fifteen-north-cola-fanta
File name:Purchase Order.r11
Download: download sample
Signature Formbook
Create hunting rule
File size:635'651 bytes
First seen:2020-10-22 06:44:48 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:LVB3EiUFjiGinXSLJU6Bxz+20VIUPhM1+RXrxE/DNxpDxfjKnu1:wi/nCLJU6Bx620SFK7xE/Jxp4E
TLSH F9D423A19F01376D1FE9629F30B7A76A8EC32F9B41A424F0B7CAC9EC9447E21C613455
Reporter abuse_ch
Tags:FormBook r11


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: vps.fore-mbaume.com
Sending IP: 45.95.169.145
From: Mashalla.Gogadi <info@fore-mbaume.com>
Subject: Purchase Order
Attachment: Purchase Order.r11 (contains "Purchase Order.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/94437e2ce2954ffebd092a0688234de000e19a8d04631ba2a3675f2362e4bbc7/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-10-22 02:31:08 UTC
AV detection:
5 of 48 (10.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=srbx4lhcsvh75pijfidiqi2n4aaodgunarrrxivdm5psgyxexpdq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar 94437e2ce2954ffebd092a0688234de000e19a8d04631ba2a3675f2362e4bbc7

(this sample)

Formbook

Executable exe 52f5f69cea97498f63733e3ea43b67e840177c68d4370531a008c6e7f4fc9abb

  
Dropping
MD5 8ca361d3527acb6764936e91d93813d3
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 52f5f69cea97498f63733e3ea43b67e840177c68d4370531a008c6e7f4fc9abb

Comments