MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a9d50eedde0249bc44cfe05db036cf73b4663d47267296a13886a95672237b5a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a9d50eedde0249bc44cfe05db036cf73b4663d47267296a13886a95672237b5a
SHA3-384 hash: 3e0ee37dcf3f6cc38429f276e471d5baf80bab8ad3a023ea83677f193b5e01537826a9dbfe324375191c17aa9cc780ed
SHA1 hash: 42707c5288b99b6f09408a4b94bcbfa9c017ebf7
MD5 hash: 8ae44dfdf8663854759e6294444fe79c
humanhash: queen-aspen-snake-delaware
File name:Remittance Scan DOC-2029293PI207-048.pptx.gz
Download: download sample
Signature Formbook
Create hunting rule
File size:681'706 bytes
First seen:2020-10-21 07:02:58 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 12288:5FbLmH8BymwYvQbCCkXF8VgQJJs58+stLXLnVGsL/CmmQEYD/hsBsP:55ZBy5YGCCkXmrJMGLjYsL6mmQDKc
TLSH 90E42357B220C01ECB05FD2DE2973577D43F3C45B85DEA48F25958CA24A614AFB2BB21
Reporter abuse_ch
Tags:FormBook gz


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: geodis.com
Sending IP: 83.149.106.6
From: Nemanja Mijatovic <nemanja.mijatovic@geodis.com>
Subject: RE: Transfer Remittance (PI207-048)
Attachment: Remittance Scan DOC-2029293PI207-048.pptx.gz (contains "Remittance Scan DOC-2029293#PI207-048.pptx.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a9d50eedde0249bc44cfe05db036cf73b4663d47267296a13886a95672237b5a/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-10-20 16:34:53 UTC
AV detection:
10 of 48 (20.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vhkq53o6aje3yrgp4bo3anwpoo2gmpkhezzjnijyq2uvm4rdpnna._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

gz a9d50eedde0249bc44cfe05db036cf73b4663d47267296a13886a95672237b5a

(this sample)

Formbook

Executable exe c8cd524c89b904ad199b97a7740a9928abd939107904bb29150cdfd98f0f7404

  
Dropping
MD5 f240850c2b296921e12ed23bd0c9fa9e
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c8cd524c89b904ad199b97a7740a9928abd939107904bb29150cdfd98f0f7404

Comments