MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 993ad08debc49efebf06d50f01403d52a20a8053c883e87c5e4d439bf179bac2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 993ad08debc49efebf06d50f01403d52a20a8053c883e87c5e4d439bf179bac2
SHA3-384 hash: 79faceba5e929c66957f70b111c7a692204d0b8dbd7bee9261a100528a39c6ca25ebf7cfacd612efb59950daf77d2ee6
SHA1 hash: 1177be2ace751401fb41f76dd8c1f075af567c29
MD5 hash: 10ae337ea36c5bc4479c7ccd4e85fa47
humanhash: pluto-fourteen-one-eight
File name:ADV T.T 200745743.rar
Download: download sample
Signature Formbook
Create hunting rule
File size:326'885 bytes
First seen:2020-07-21 06:37:32 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:kpNQtw0uxcTBabp9tnMzoDHnkxzhqYhzosORIN7IdVeTG8KpO7YXXkrKQFpQhKn7:krQtrxT0bRMzozn5YhA1Ve9dwEGYkU
TLSH AC6423642D4236FBFD9700C7BD75009E6021A2F376727CA6845181C34B8E54CB277ABE
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: mada.com
Sending IP: 45.127.62.100
From: Victor Hugo- SCOTIABANK <dcolonna@howell.k12.nj.us>
Reply-To: Victor Hugo- SCOTIABANK <ganisajbrasil@hotmail.com>
Subject: FWD: Re: Scotiabank Payment Advice
Attachment: ADV T.T 200745743.rar (contains "ADV T.T 200745743.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/993ad08debc49efebf06d50f01403d52a20a8053c883e87c5e4d439bf179bac2/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-07-21 06:39:04 UTC
AV detection:
13 of 29 (44.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=te5nbdplyspp5pyg2uhqcqb5kkravactzcb6q7c6jvbzx4lzxlba._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
0.79
Link:
https://yomi.yoroi.company/submissions/993ad08debc49efebf06d50f01403d52a20a8053c883e87c5e4d439bf179bac2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar 993ad08debc49efebf06d50f01403d52a20a8053c883e87c5e4d439bf179bac2

(this sample)

Formbook

Executable exe e8e7df1e48cc49d38077edc33bb21f1b9817b6da0829d92c701d63546d3231fc

  
Dropping
MD5 eb04aa9aac7f093402fb0239bc4447a1
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e8e7df1e48cc49d38077edc33bb21f1b9817b6da0829d92c701d63546d3231fc

Comments