MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b5688cb151b0ac1bc8c275723d4abcca14a2e9a33cdb38255bc684c57e4e5efe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 4



SHA256 hash: b5688cb151b0ac1bc8c275723d4abcca14a2e9a33cdb38255bc684c57e4e5efe
SHA3-384 hash: 9e40923b4c9c891a9fcb62e8d9fb309230792947d30af06762c77aca8676d58257d7a7aa145115d29247db45fc842c6b
SHA1 hash: fc60650ae9ce0ec79e93f4532a31ac736ddc7555
MD5 hash: 2201358746cc15e3241882a22d19eaf7
humanhash: queen-aspen-apart-four
File name: Commercial Invoice.pdf.img
Signature: Formbook
File size: 1'245'184 bytes
First seen: 2021-02-24 07:02:16 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 6144:Q9X0GfUPSPcDNw4V8mxmFJnUEiAGUkfNKKQUfV:20qcSPgy4imiJFAAUf
TLSH: 24451212AB80D5B7C963443002BD3A619FE2E21462E74B077B8C1B893FBB9E35D5E951
Reporter: abuse_ch
Tags: FormBook img


abuse_ch
Malspam distributing Formbook:

HELO: host.findingtalent.net
Sending IP: 69.16.227.88
From: Bernard Pang <febjobs@applianceworld.co.ug>
Subject: Re: Commercial Invoice & Packing List
Attachment: Commercial Invoice.pdf.img (contains "orders.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 91
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2021-02-24 01:35:59 UTC
AV detection: 5 of 47 (10.64%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

img b5688cb151b0ac1bc8c275723d4abcca14a2e9a33cdb38255bc684c57e4e5efe

(this sample)

  
Dropping: Formbook
Delivery method: Distributed via e-mail attachment
